oss-sec mailing list archives
Re: CVE Request -- kernel: futex: clear robust_list on execve
From: Petr Matousek <pmatouse () redhat com>
Date: Wed, 9 May 2012 21:21:05 +0200
On Tue, May 08, 2012 at 04:08:17AM +0400, Solar Designer wrote:
<snip>
> Well, if that process itself is multi-threaded (and other threads are not exiting yet), it possibly can be exploited (through affecting those other threads). Is this the only attack scenario?

This is the attack scenario that I considered when filing this bug, yes.

> Do we know of any SUID/SGID/fscaps-privileged multi-threaded programs? OK, I suppose that some proprietary ones exist (likely with plenty of vulnerabilities in them). ;-)

I haven't looked extensively for those. I can imagine such programs, but I admit I come from the Windows world, so I might be a little bit biased.

Petr