Open Source and information security mailing list archives
 
Date:	Sun, 10 Oct 2010 22:18:03 +0200
From:	Geert Uytterhoeven <geert@...ux-m68k.org>
To:	Al Viro <viro@...iv.linux.org.uk>
Cc:	linux-m68k@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: aranym bug, manifests as "ida_remove called for id=13" on recent kernels

On Sun, Oct 10, 2010 at 16:49, Al Viro <viro@...iv.linux.org.uk> wrote:
> On Sun, Oct 10, 2010 at 11:47:20AM +0200, Geert Uytterhoeven wrote:
>> > The cheapest way to reproduce is to boot with init=/bin/sh, then
>> > mount /proc and have stat("/proc/2/exe", &st) called; if stat()
>> > returns 0, we are fscked.  The critical part is between return
>> > from proc_exe_link() (we'll leave it via if (!mm) return -ENOENT;)
>> > to return from __do_follow_link() -> do_follow_link() -> link_path_walk().
>>
>> I booted 2.6.36-rc7-atari-00360-g0dd2e6a (my current private test kernel) with
>> init=/bin/sh, mounted /proc, and tried
>>
>>     for i in $(seq 1000); do stat /proc/2/exe; done
>>
>> a few times, but I didn't see any ida_remove messages.
>> It cannot read the /proc/2/exe symlink, though.
>>
>> This is on aranym-0.9.9-1 from Ubuntu/amd64.
>
> stat -L /proc/2/exec, otherwise you'll hit lstat() instead of stat().
> And FWIW 0.9.10-1 squeeze/amd64 also triggers here...

Still, just "stat: cannot stat `proc/2/exe': No such file or directory" here...

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds