oss-sec mailing list archives
Re: Status of two Linux kernel issues w/o CVE assignments
From: Vasiliy Kulikov <segoon () openwall com>
Date: Tue, 27 Dec 2011 21:26:04 +0400
Hi, On Sun, Dec 25, 2011 at 05:53 +0800, Eugene Teo wrote:
2: /proc/$PID/{sched,schedstat} information leak Vasiliy Kulikov of OpenWall posted a demo exploit. http://openwall.com/lists/oss-security/2011/11/05/3 AFAICS no CVE ID was assigned to this?
...
IIRC, it's an issue but there's no resolution as existing code may break.
There are also,
/proc/{interrupts, stat}
https://lkml.org/lkml/2011/11/7/340
/dev/pts/, /dev/tty*
https://lkml.org/lkml/2011/11/7/355
Correct, neither of these are fixed yet :-( /proc/$pid/* vuln will be fixed in the following patch series by introducing a restricted procfs permission mode: https://lkml.org/lkml/2011/11/19/41 https://lkml.org/lkml/2011/12/11/62 Currently these series are in the -mm tree. Thanks, -- Vasiliy Kulikov http://www.openwall.com - bringing security into open computing environments
Current thread:
- Status of two Linux kernel issues w/o CVE assignments Moritz Muehlenhoff (Dec 22)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 23)
- Re: Status of two Linux kernel issues w/o CVE assignments Michael Gilbert (Dec 23)
- Re: Status of two Linux kernel issues w/o CVE assignments Solar Designer (Dec 23)
- Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo (Dec 24)
- Re: Status of two Linux kernel issues w/o CVE assignments Vasiliy Kulikov (Dec 27)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 27)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 27)
- Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo (Dec 24)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 23)