lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 12 Sep 2019 15:40:19 +0200
From:   Christian Brauner <christian.brauner@...ntu.com>
To:     torvalds@...ux-foundation.org
Cc:     linux-kernel@...r.kernel.org
Subject: [GIT PULL] clone3 exit signal fix

Hi Linus,

This is a rather urgent last-minute bugfix for clone3() that should go in
before we release 5.3 with clone3().

clone3() did not verify that the exit_signal argument was set to a valid
signal. This can be used to cause a crash by specifying a signal greater
than NSIG. e.g. -1.

The commit from Eugene adds a check to copy_clone_args_from_user() to
verify that the exit signal is limited by CSIGNAL as with legacy clone()
and that the signal is valid. With this we don't get the legacy clone
behavior were an invalid signal could be handed down and would only be
detected and then ignored in do_notify_parent(). Users of clone3() will now
get a proper error right when they pass an invalid exit signal. Note, that
this is not a change in user-visible behavior since no kernel with clone3()
has been released yet.

The following changes since commit f74c2bb98776e2de508f4d607cd519873065118e:

  Linux 5.3-rc8 (2019-09-08 13:33:15 -0700)

are available in the Git repository at:

  git@...olite.kernel.org:pub/scm/linux/kernel/git/brauner/linux tags/for-linus-20190912

for you to fetch changes up to a0eb9abd8af92d1aa34bc1e24dfbd1ba0bd6a56c:

  fork: block invalid exit signals with clone3() (2019-09-12 14:56:33 +0200)

Please consider pulling these changes from the signed for-linus-20190912 tag.

Thanks!
Christian

----------------------------------------------------------------
for-linus-20190912

----------------------------------------------------------------
Eugene Syromiatnikov (1):
      fork: block invalid exit signals with clone3()

 kernel/fork.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ