Comment 1 for bug 920586

In , Eugene (eugene-redhat-bugs) wrote:

From Linus' patch:
"Jüri Aedla reported that the /proc/<pid>/mem handling really isn't very robust, and it also doesn't match the permission checking of any of the other related files.

This changes it to do the permission checks at open time, and instead of tracking the process, it tracks the VM at the time of the open. That simplifies the code a lot, but does mean that if you hold the file descriptor open over an execve(), you'll continue to read from the _old_ VM."

A local, unprivileged user could use this flaw to escalate their privileges.

Upstream commit:
http://git.kernel.org/linus/e268337dfe26dfc7efd422a804dbb27977a3cccc

Acknowledgements:

Red Hat would like to thank Jüri Aedla for reporting this issue.
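
The following C program is an added example, not part of the original comment, the kernel commit, or Red Hat's advisory. It exercises the /proc/<pid>/mem interface whose permission checks the commit above moves to open() time: it opens /proc/self/mem, reads a global variable back through it with pread() at the variable's own address, and then patches the variable with pwrite(). Writing through this file is the primitive that turned the broken permission check into a local privilege escalation; against your own process it is always permitted, which is what makes it safe to run here. The example assumes Linux with /proc mounted and a 64-bit off_t so that a user-space address fits in the file offset.

```c
// Added example (not the kernel's code, not from the bug report): exercise the
// /proc/<pid>/mem interface on the current process. Assumes Linux with /proc
// mounted. _FILE_OFFSET_BITS 64 makes off_t wide enough to hold a user address
// on 32-bit builds as well.
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Target variable: the example reads and overwrites this through /proc/self/mem.
 * volatile so the compiler does not cache it across the external write. */
static volatile uint32_t target = 0x11223344u;

/* Read `len` bytes of this process's own memory at `addr` via /proc/self/mem.
 * The file offset is the virtual address. Returns bytes read, or -1 on error. */
static ssize_t mem_read(uintptr_t addr, void *buf, size_t len)
{
    int fd = open("/proc/self/mem", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = pread(fd, buf, len, (off_t)addr);
    close(fd);
    return n;
}

/* Write `len` bytes to this process's own memory at `addr` via /proc/self/mem.
 * The ptrace-style access check happens at open() on fixed kernels. */
static ssize_t mem_write(uintptr_t addr, const void *buf, size_t len)
{
    int fd = open("/proc/self/mem", O_RDWR);
    if (fd < 0)
        return -1;
    ssize_t n = pwrite(fd, buf, len, (off_t)addr);
    close(fd);
    return n;
}

/* Round trip: read `target` through /proc/self/mem and compare with the value
 * the process sees directly. Returns 1 on match, 0 on mismatch or error. */
int proc_mem_read_matches(void)
{
    uint32_t copy = 0;
    if (mem_read((uintptr_t)&target, &copy, sizeof copy) != (ssize_t)sizeof copy)
        return 0;
    return copy == target;
}

/* Overwrite `target` with `value` through /proc/self/mem and return what the
 * process now observes directly. Returns 0xFFFFFFFF if the write failed. */
uint32_t proc_mem_write_then_read(uint32_t value)
{
    if (mem_write((uintptr_t)&target, &value, sizeof value) != (ssize_t)sizeof value)
        return 0xFFFFFFFFu;
    return target;
}

int main(void)
{
    printf("read through /proc/self/mem matches: %d\n", proc_mem_read_matches());
    printf("target after pwrite: 0x%08x\n", proc_mem_write_then_read(0xdeadbeefu));
    return 0;
}
```

Run it as an unprivileged user; both operations succeed because the caller is the target process itself, so the access check (done at open() on fixed kernels) passes. Opening /proc/<pid>/mem of a process you may not ptrace fails at open() instead.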