lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 10 Oct 2010 15:49:53 +0100
From:	Al Viro <viro@...IV.linux.org.uk>
To:	Geert Uytterhoeven <geert@...ux-m68k.org>
Cc:	linux-m68k@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: aranym bug, manifests as "ida_remove called for id=13" on recent
 kernels

On Sun, Oct 10, 2010 at 11:47:20AM +0200, Geert Uytterhoeven wrote:
> > The cheapest way to reproduce is to boot with init=/bin/sh, then
> > mount /proc and have stat("/proc/2/exe", &st) called; if stat()
> > returns 0, we are fscked. ??The critical part is between return
> > from proc_exe_link() (we'll leave it via if (!mm) return -ENOENT;)
> > to return from __do_follow_link() -> do_follow_link() -> link_path_walk().
> 
> I booted 2.6.36-rc7-atari-00360-g0dd2e6a (my current private test kernel) with
> init=/bin/sh, mounted /proc, and tried
> 
>     for i in $(seq 1000); do stat /proc/2/exe; done
> 
> a few times, but I didn't see any ida_remove messages.
> It cannot read the /proc/2/exe symlink, though.
> 
> This is on aranym-0.9.9-1 from Ubuntu/amd64.

stat -L /proc/2/exec, otherwise you'll hit lstat() instead of stat().
And FWIW 0.9.10-1 squeeze/amd64 also triggers here...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists