oss-sec mailing list archives
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
From: "Eric W. Biederman" <ebiederm () xmission com>
Date: Thu, 19 Apr 2012 19:20:45 -0700
Eugene Teo <eugeneteo () kernel sg> wrote:
> On Fri, Apr 20, 2012 at 5:48 AM, Marcus Meissner <meissner () suse de> wrote:
>> we had a user, Vadim Ponomarev (ccrssaa at karelia.ru), report a pid namespace leak caused by vsftpd.
>> https://bugzilla.novell.com/show_bug.cgi?id=757783
>>
>> He provided a simple reproducer:
>> [...]
>> and checking "cat /proc/slabinfo|grep pid_namespace" gives 10000 more active slots after running it on 3.0.13 (+SUSE patches) and 3.1.10 (+SUSE patches).
>>
>> Running this on 3.2.0 (+SUSE Patches) did not result in more slots, so it was probably fixed between 3.1 and 3.2 (but someone else cross check perhaps).
>>
>> Any idea welcome on which patch fixed this, I tried 1b26c9b334044cff6d1d2698f2be41bc7d9a0864 but it seems not helping.
>
> I tested this with 3.0.25-rt44.57.el6rt.x86_64 yesterday, and I was able to trigger the issue. The process needs to be privileged with CAP_SYS_ADMIN.
>
> Eric, besides struct pid_namespace, there is a corresponding struct pid_2 leak.

Hmm. So we know what is holding the pid namespace reference.

Additional thoughts.
Does echo 3 > /proc/sys/vm/drop_caches clear up the issue?
Is there a corresponding task_struct leak?
Are the zombies getting reaped?

I don't have much of a clue or much concern as this seems fixed in later kernels but I am happy to suggest things to look for to help narrow this down.

Eric
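
The slab check used in this thread can be turned into a before/after comparison. The following is an added example, not code from the thread or from any poster: it parses two `/proc/slabinfo` snapshots and reports growth in the caches mentioned above. The function names and the sample snapshot values are constructed for illustration.

```python
# Caches named in the thread: pid_namespace and pid_2 (Eugene's report),
# task_struct (the follow-up check Eric asks about).
WATCHED = ("pid_namespace", "pid_2", "task_struct")


def parse_slabinfo(text):
    """Map cache name -> (active_objs, num_objs, objsize) from slabinfo 2.x text."""
    caches = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip the version banner and the "# name ..." column header.
        if not line or line.startswith(("#", "slabinfo")):
            continue
        fields = line.split(":")[0].split()
        if len(fields) < 4:
            continue  # truncated or malformed line
        try:
            caches[fields[0]] = tuple(int(x) for x in fields[1:4])
        except ValueError:
            continue  # non-numeric counters
    return caches


def slab_growth(before, after, watched=WATCHED):
    """Return {cache: (added_active_objs, added_bytes)} for watched caches that grew."""
    old, new = parse_slabinfo(before), parse_slabinfo(after)
    growth = {}
    for name in watched:
        if name in old and name in new:
            delta = new[name][0] - old[name][0]
            if delta > 0:
                growth[name] = (delta, delta * new[name][2])
    return growth


# Constructed snapshots for illustration (not measurements from the thread).
HEADER = "slabinfo - version: 2.1\n# name <active_objs> <num_objs> <objsize> ...\n"
BEFORE = HEADER + """\
pid_namespace 2 30 2112 15 8 : tunables 0 0 0 : slabdata 2 2 0
pid_2 4 64 128 32 1 : tunables 0 0 0 : slabdata 2 2 0
task_struct 310 330 5888 5 8 : tunables 0 0 0 : slabdata 66 66 0
"""
AFTER = HEADER + """\
pid_namespace 10002 10005 2112 15 8 : tunables 0 0 0 : slabdata 667 667 0
pid_2 10004 10016 128 32 1 : tunables 0 0 0 : slabdata 313 313 0
task_struct 308 330 5888 5 8 : tunables 0 0 0 : slabdata 66 66 0
"""

if __name__ == "__main__":
    for cache, (objs, nbytes) in slab_growth(BEFORE, AFTER).items():
        print(f"{cache}: +{objs} active objects (~{nbytes} bytes)")
```

On a live system, pass the contents of `/proc/slabinfo` read before and after the workload; a third snapshot taken after writing to `drop_caches` covers the first question in the reply above.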