| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: andfarm at teknovis.com (Andrew Farmer) Subject: Linux kernel file offset pointer races On 4 Aug 2004, at 03:22, Paul Starzetz wrote: > Synopsis: Linux kernel file offset pointer handling > Product: Linux kernel > Version: 2.4 up to to and including 2.4.26, 2.6 up to to and > including 2.6.7 > Vendor: http://www.kernel.org/ > URL: http://isec.pl/vulnerabilities/isec-0016-procleaks.txt > CVE: CAN-2004-0415 > Author: Paul Starzetz <ihaquer@...c.pl> > Date: Aug 04, 2004 > > Issue: > ====== > > A critical security vulnerability has been found in the Linux > kernel > code handling 64bit file offset pointers. ... Even discounting the mangling in this posting, the code doesn't work as advertised under 2.6.7. I've tried a number of different scenarios: multiple machines, slow storage, fast storage, large files, small files - but _llseek(pfd, 0, 0, &off, SEEK_CUR) doesn't fail. Is this just because I'm stupid or because the code supplied is incorrect? Furthermore, mtrr_read doesn't seem to exist anywhere in the Linux kernel, at least not by that name. The function in question would probably exist in linux/arch/i386/kernel/cpu/mtrr/if.c, but there's nothing of the sort in there. Heck, the kernel code shown isn't even VALID. My fault or Paul's? -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040804/655e9c7b/PGP.bin
Powered by blists - more mailing lists