Message-ID: <CABawtvMCyWL1DQb4Q4jM_S0mGWO+V5t_qtq94aE78ar75=+ouA@mail.gmail.com>
Date:	Fri, 23 Jan 2015 23:30:47 +0800
From:	Ethan Zhao <ethan.kernel@...il.com>
To:	Davidlohr Bueso <dave@...olabs.net>
Cc:	ethan zhao <ethan.zhao@...cle.com>,
	Stephen Smalley <stephen.smalley@...il.com>,
	Manfred Spraul <manfred@...orfullife.com>,
	Stephen Smalley <sds@...ho.nsa.gov>,
	James Morris <james.l.morris@...cle.com>,
	"Serge E. Hallyn" <serge@...lyn.com>,
	Eric Paris <eparis@...isplace.org>,
	Paul Moore <paul@...l-moore.com>,
	selinux <selinux@...ho.nsa.gov>,
	linux-security-module@...r.kernel.org,
	LKML <linux-kernel@...r.kernel.org>, ethan.kernel@...il.conm
Subject: Re: [PATCH] Selinux/hooks.c: Fix a NULL pointer dereference caused by semop()

Davidlohr,

    I read your commit 53dad6d3a8e5ac1af8bacc6ac2134ae1a8b085f1,
    ipc: fix race with LSMs

    The issue we hit without the above patch: the race may happen when a
process calls semctl with IPC_RMID, just as Manfred Spraul mentioned:

Thread A:                              Thread B:
   IPC_RMID
   -> freeary()
       ->wake_up_sem_queue_do()
       ->security_sem_free()           semtimedop()
                                       ->ipcperms()
       ->ipc_rcu_putref()

   If this is the only race, the bug should be fixed with your patch applied
  (not verified yet on my case).


Thanks,
Ethan



On Fri, Jan 23, 2015 at 11:30 AM, Davidlohr Bueso <dave@...olabs.net> wrote:
> On Fri, 2015-01-23 at 10:19 +0800, ethan zhao wrote:
>> >   If not, what kernel
>> > version were you running when you triggered the bug?
>>   To be honest, a kernel from a distro, but not released, but before we
>> get it clear, we wouldn't publish more.
>
> Sheesh, could Oracle be any more (ridiculously) secretive about what the
> hell kernel(s) they run... it's like pulling teeth. *sigh*
>