Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Eugene Teo <eugeneteo-X4ZF2iejbADYtjvyW6yDsg <at> public.gmane.org>
Subject: CVE-2010-0729 kernel: ia64: ptrace: peek_or_poke requests miss ptrace_check_attach()
Newsgroups: gmane.comp.security.oss.general
Date: Friday 12th March 2010 06:32:49 UTC (over 6 years ago)
The "ia64: fix deadlock in ia64 sys_ptrace" patch (no reference as it's 
only added in our shipped kernels) moved ptrace_check_attach() from 
find_thread_for_addr() to tasklist-is-not-held area. However it 
introduced other problems.

One of the problems is security-relevant. In certain code path, it is 
possible that ptrace_check_attach() is not called, and the user can do 
ptrace() on any target even without PTRACH_ATTACH.

This only affects Red Hat Enterprise Linux 4.

https://bugzilla.redhat.com/CVE-2010-0729

Thanks, Eugene
 
CD: 3ms