| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CADhJXG3kGd-HH4ePGH1ESx=B=_=UbZkYrgwTjef5sebp8eR7+w@mail.gmail.com>
Date: Wed, 1 Feb 2017 14:37:33 +0100
From: Stanisław Busza <s.busza@...il.com>
To: linux-kernel@...r.kernel.org
Subject: [BUG] Probably bug concerning write to /proc/self/loginuid
Hello, this is my first message to the linux kernel development list.
I probably found a bug in the linux kernel.
It affects all kernels since 2.6.12, especially 4.9 that i use.
Lets take a look at the file: fs/proc/base.c and function
proc_loginuid_write() (circa 1264 line):
static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
size_t count, loff_t *ppos)
{
struct inode * inode = file_inode(file);
uid_t loginuid;
kuid_t kloginuid;
int rv;
/* here is check that is interesting for us */
rcu_read_lock();
if (current != pid_task(proc_pid(inode), PIDTYPE_PID)) {
rcu_read_unlock();
return -EPERM;
}
rcu_read_unlock();
I marked with comment the place where function checks which process is
writing to file.
Problem occurs when multithreaded application tries to write
/proc/self/loginuid.
For first thread that is spawned write succeeds. For any other thread
write fails (threads have different pids in linux).
So my question is whether this is a bug or intentional behavior.
----------------------------------------------------------
Stanisław Busza
Powered by blists - more mailing lists