| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Jul 2008 12:52:53 +0200 From: Patrick McHardy <kaber@...sh.net> To: Pavel Emelyanov <xemul@...nvz.org> CC: David Miller <davem@...emloft.net>, Linux Netdev List <netdev@...r.kernel.org>, Netfilter Development Mailinglist <netfilter-devel@...r.kernel.org> Subject: Re: [PATCH] ipt_recent: fix race between recent_mt_destroy and proc manipulations Pavel Emelyanov wrote: > The thing is that recent_mt_destroy first flushes the entries > from table with the recent_table_flush and only *after* this > removes the proc file, corresponding to that table. > > Thus, if we manage to write to this file the '+XXX' command we > will leak some entries. If we manage to write there a 'clean' > command we'll race in two recent_table_flush flows, since the > recent_mt_destroy calls this outside the recent_lock. > > The proper solution as I see it is to remove the proc file first > and then go on with flushing the table. This flushing becomes > safe w/o the lock, since the table is already inaccessible from > the outside. Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists