Re: [patch] /proc race fixes for 2.2.1 (fwd)

[e8903122 () student tuwien ac at (Richard Kail)]

Hello !

There seems to be anoter /proc race in the 2.2.1 linux kernel.
I will explain this with an example:

modprobe coda.o     # will load coda.o as dynamically module
                    # the kernel will create a /proc/fs/coda directory
                    # on the fly.

cd /proc/fs/coda    # make shell chdir("/proc/fs/coda")

rmmod coda.o        # works ! (shouldn't)

ls -l               # generate a oops.

after this, the coda.o module seems not to work at all. Maybe this is a
systematic problem of more than one driver. I am not a kernel hacker, so I
can't check all kernel modules for this kind of problem.

Since a user can control the whole process I think has security
implications.

A user can trigger a "modprobe module" command using the kerneld (oh, its
called kmod now...) mechanism.

A user can chdir /proc/fs/coda.

If the system has implemented the cron job as suggested in
linux/Documentation/kmod.txt the user has just to wait with
wd=/proc/fs/code to crash the system.

Kind regards,
        Richard

------
"One day, computer power will eventually outstrip demand, and OS engineers
will be free to use friendly languages like LISP again.. until then, I
think we're stuck with C."                         -- Oliver Xymoro