oss-sec mailing list archives
Re: kernel: btrfs: check for read permission on src file in the clone ioctl
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Tue, 18 May 2010 13:44:40 -0400
Ubuntu 10.4 ships with a kernel that supports btrfs: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/579585 In case the bug description needs clarification, the bug allows an unprivileged user to clone files that can be opened for writing without read permissions. Since cloning results in the creation of a duplicate copy owned by the user who performed the cloning operation, this is an information disclosure vulnerability. -Dan On Tue, May 18, 2010 at 5:13 AM, Eugene Teo <eugene () redhat com> wrote:
The existing [btrfs] code would have allowed you to clone a file that was only open for writing. Not an expected behaviour. Upstream commit: http://git.kernel.org/linus/5dc6416414fb3ec6e2825fd4d20c8bf1d7fe0395 Reference: https://bugzilla.redhat.com/show_bug.cgi?id=593226 I'm not requesting a CVE name for this as it did not affect any of Red Hats' supported Linux kernels. Thanks, Eugene -- main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
Current thread:
- kernel: btrfs: check for read permission on src file in the clone ioctl Eugene Teo (May 18)
- Re: kernel: btrfs: check for read permission on src file in the clone ioctl Dan Rosenberg (May 18)
- Re: kernel: btrfs: check for read permission on src file in the clone ioctl Josh Bressers (May 25)