Re: BK2CVS problem
From: Larry McVoy (lm_at_bitmover.com)
Date: 11/06/03
- Previous message: Ronald Lembcke: "PATCH: bugfix für RadeonFB (against 2.4.22-ac4, bug in 2.6.0-test9, too)"
- In reply to: Chad Kitching: "RE: BK2CVS problem"
- Next in thread: Tomas Szepe: "Re: BK2CVS problem"
- Reply: Tomas Szepe: "Re: BK2CVS problem"
- Reply: Scott Robert Ladd: "Re: BK2CVS problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 5 Nov 2003 15:03:50 -0800 To: Chad Kitching <CKitching@powerlandcomputers.com>
On Wed, Nov 05, 2003 at 04:48:09PM -0600, Chad Kitching wrote:
> From: Zwane Mwaikambo
> > > + if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
> > > + retval = -EINVAL;
> >
> > That looks odd
> >
>
> Setting current->uid to zero when options __WCLONE and __WALL are set? The
> retval is dead code because of the next line, but it looks like an attempt
> to backdoor the kernel, does it not?
It sure does. Note "current->uid = 0", not "current->uid == 0".
Good eyes, I missed that. This function is sys_wait4() so by passing in
__WCLONE|__WALL you are root. How nice.
-- --- Larry McVoy lm at bitmover.com http://www.bitmover.com/lm - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
- Previous message: Ronald Lembcke: "PATCH: bugfix für RadeonFB (against 2.4.22-ac4, bug in 2.6.0-test9, too)"
- In reply to: Chad Kitching: "RE: BK2CVS problem"
- Next in thread: Tomas Szepe: "Re: BK2CVS problem"
- Reply: Tomas Szepe: "Re: BK2CVS problem"
- Reply: Scott Robert Ladd: "Re: BK2CVS problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
