oss-sec mailing list archives
Re: CVE request - kernel: xfs swapext ioctl issue
From: Josh Bressers <bressers () redhat com>
Date: Fri, 18 Jun 2010 11:27:15 -0400 (EDT)
Please use CVE-2010-2226 for this. Thanks. -- JB ----- "Eugene Teo" <eugeneteo () kernel sg> wrote:
User "foo" can use the SWAPEXT ioctl to swap a write-only file owned by user "bar" into a file owned by "foo" and subsequently reading it. It does so by checking that the file descriptors passed to the ioctl are also opened for reading. References: https://bugzilla.redhat.com/show_bug.cgi?id=605158 http://archives.free.net.ph/message/20100616.130710.301704aa.en.html http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html Thanks, Eugene -- main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
Current thread:
- CVE request - kernel: xfs swapext ioctl issue Eugene Teo (Jun 17)
- Re: CVE request - kernel: xfs swapext ioctl issue Josh Bressers (Jun 18)