| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <482B2108.4090902@jackal-net.at> Date: Wed, 14 May 2008 19:27:36 +0200 From: Michael Lang <Michael.Lang@...kal-net.at> To: linux-kernel@...r.kernel.org Subject: Kernel Panic when accessing NFS share and locking files Hi, we encountered a serious problem, when using Solaris NFS (Server) accessing it with a CentOS5.1/RHEL5.1 client. There are more occurrences of the problem, one i felt over when tried to recreate a different one was, that a unprivileged User is able to Kernel Panic a machine with a few lines of code. I tested it with the result that 3 threads requesting a lock on the same file already cause the kernel panic. Since this is my first kernel bug request, and it's at least for my understandig a security problem, i will provide the code for recreation to a closed group only. Please point me to the right group ... Call Trace: [<ffffffff80012323>] __fput+0x94/0x198 [<ffffffff8002e2d2>] sys_fcntl+0x2d0/0x2dc [<ffffffff8005b28d>] tracesys+0xd5/0xe0 Code: 0f 0b 68 8a de 28 80 c2 c7 07 48 89 c3 48 8b 03 48 85 c0 75 RIP [<ffffffff80027073>] locks_remove_flock+0xe4/0x122 RSP <ffff81000be87e48> regards Michael Lang -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists