Full Disclosure mailing list archives
Re: more segfaults on Redhat 6.x when passing "/proc/misc" as a parameter
From: "Dr. Peter Bieringer" <pbieringer () aerasec de>
Date: Tue, 29 Oct 2002 10:24:42 +0100
--On Dienstag, 29. Oktober 2002 08:26 +0200 Pekka Savola <pekkas () netcore fi> wrote:
On Mon, 28 Oct 2002, Day Jay wrote:Hi, "more" segfaults when you pass "/proc/misc" to it as a parameter. This happens on my Redhat 6.0 and my Redhat 6.2 box. More is setuid root. See below:[...] This appears to be very bogus. 'more' is never setuid unless you made it so... I didn't manage to segfaul 'more' on RHL62 box either..
But me here as "root" and as a normal user.
Using kernel-2.2.22-6.2.2 with openwall patch and libsafe-1.3
Tested on 2 systems.
BTW: cat and less are ok.
strace:
stat("/proc/misc", {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
open("/proc/misc", O_RDONLY) = 3
read(3, "134 apm\n135 rtc\n", 2) = 16
read(3, "", 4294967282) = 0
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x24a000
_llseek(3, 0, [0], SEEK_SET) = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++
ltrace:
__xstat(3, "/proc/misc", 0xbffff9f0) = 0
fopen("/proc/misc", "r") = 0x08052570
fread(0xbffff9d6, 2, 1, 0x08052570) = 8
fseek(0x08052570, 0, 0, 0x08052570, 0xbffffc0c) = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++
gdb/core doesn't show anything useful
Reading symbols from /lib/libdl.so.2...done.
Reading symbols from /lib/ld-linux.so.2...done.
#0 0x70612034 in ?? ()
(gdb) bt
#0 0x70612034 in ?? ()
(gdb) bt
#0 0x70612034 in ?? ()
(gdb) quit
Peter
--
Dr. Peter Bieringer Phone: +49-8102-895190
AERAsec Network Services and Security GmbH Fax: +49-8102-895199
Wagenberger Straße 1 Mobile: +49-174-9015046
D-85662 Hohenbrunn mailto:pbieringer () aerasec de
Germany Internet: http://www.aerasec.de
PGP/GPG: http://www.aerasec.de/wir/publickeys/PeterBieringer.asc
Attachment:
_bin
Description:
Current thread:
- more segfaults on Redhat 6.x when passing "/proc/misc" as a parameter Day Jay (Oct 28)
- Re: more segfaults on Redhat 6.x when passing "/proc/misc" as a parameter Pekka Savola (Oct 28)
- Re: more segfaults on Redhat 6.x when passing "/proc/misc" as a parameter Dr. Peter Bieringer (Oct 29)
- Re: more segfaults on Redhat 6.x when passing "/proc/misc" as a parameter Pekka Savola (Oct 29)
- Re: more segfaults on Redhat 6.x when passing "/proc/misc" as a parameter Dr. Peter Bieringer (Oct 29)
- Re: more segfaults on Redhat 6.x when passing "/proc/misc" as a parameter Pekka Savola (Oct 28)