oss-sec mailing list archives

CVE-2010-0729 kernel: ia64: ptrace: peek_or_poke requests miss ptrace_check_attach()


From: Eugene Teo <eugeneteo () kernel sg>
Date: Fri, 12 Mar 2010 14:32:49 +0800

The "ia64: fix deadlock in ia64 sys_ptrace" patch (no reference as it's only added in our shipped kernels) moved ptrace_check_attach() from find_thread_for_addr() to tasklist-is-not-held area. However it introduced other problems.

One of the problems is security-relevant. In a certain code path, it is possible that ptrace_check_attach() is not called, and the user can do ptrace() on any target even without PTRACE_ATTACH.

This only affects Red Hat Enterprise Linux 4.

https://bugzilla.redhat.com/CVE-2010-0729

Thanks, Eugene


