oss-sec mailing list archives
CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check
From: Eugene Teo <eugene () redhat com>
Date: Tue, 07 Apr 2009 13:37:23 +0800
A malicious application can execute a setuid binary before exit. This would mean that we will not reset the ->exit_signal to SIGCHLD unless the binary drops CAP_KILL. https://bugzilla.redhat.com/show_bug.cgi?id=493771 http://git.kernel.org/linus/432870dab85a2f69dc417022646cb9a70acf7f94 Chris/Greg, we probably need this in -stable. Thanks, Eugene -- Eugene Teo, RHCA, RHCSS / Red Hat Security Response Team
Current thread:
- CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check Eugene Teo (Apr 06)
- Re: CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check Steven M. Christey (Apr 17)