lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 10 Oct 2010 15:49:53 +0100 From: Al Viro <viro@...IV.linux.org.uk> To: Geert Uytterhoeven <geert@...ux-m68k.org> Cc: linux-m68k@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: aranym bug, manifests as "ida_remove called for id=13" on recent kernels On Sun, Oct 10, 2010 at 11:47:20AM +0200, Geert Uytterhoeven wrote: > > The cheapest way to reproduce is to boot with init=/bin/sh, then > > mount /proc and have stat("/proc/2/exe", &st) called; if stat() > > returns 0, we are fscked. ??The critical part is between return > > from proc_exe_link() (we'll leave it via if (!mm) return -ENOENT;) > > to return from __do_follow_link() -> do_follow_link() -> link_path_walk(). > > I booted 2.6.36-rc7-atari-00360-g0dd2e6a (my current private test kernel) with > init=/bin/sh, mounted /proc, and tried > > for i in $(seq 1000); do stat /proc/2/exe; done > > a few times, but I didn't see any ida_remove messages. > It cannot read the /proc/2/exe symlink, though. > > This is on aranym-0.9.9-1 from Ubuntu/amd64. stat -L /proc/2/exec, otherwise you'll hit lstat() instead of stat(). And FWIW 0.9.10-1 squeeze/amd64 also triggers here... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists