oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request - kernel: xfs swapext ioctl issue

From: Eugene Teo <eugeneteo () kernel sg>
Date: Thu, 17 Jun 2010 18:42:03 +0800
User "foo" can use the SWAPEXT ioctl to swap a write-only file owned by user "bar" into a file owned by "foo" and subsequently reading it. It does so by checking that the file descriptors passed to the ioctl are also opened for reading. 

References:
https://bugzilla.redhat.com/show_bug.cgi?id=605158
http://archives.free.net.ph/message/20100616.130710.301704aa.en.html
http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html

Thanks, Eugene
--
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
Previous By Date Next
Previous By Thread Next

Current thread: