Since 2.6.11, an unprivileged local user can easily keep the system under
memory starvation state by temporarily disabling the OOM killer due to the OOM
killer deadlock. Although we haven't eliminated all of possible attack vectors,
this patchset can eliminate the most straightforward attack vector.
Notes:
(1) and (4) are optional. (4) depends on (1). (1) needs some corrections if we
backport. For example, (1) does not include fix for ubuntu/fsam7400/fsam7400.c
in precise.git. Therefore, I think excluding (1) and (4) is a safer choice.
3.4-rc1 will include (4) anyway. Please make sure that all users (including
ubuntu/fsam7400/fsam7400.c) started using UMH_* constants.
Upstream commits:
(1) 70834d30 "usermodehelper: use UMH_WAIT_PROC consistently" sub_info) " usermodehelper( ) doesn't need do_exit()"
(2) b3449922 "usermodehelper: introduce umh_complete(
(3) d0bd587a "usermodehelper: implement UMH_KILLABLE"
(4) 9d944ef3 "usermodehelper: kill umh_wait, renumber UMH_* constants"
(5) 5b9bd473 "usermodehelper: ____call_
(6) 3e63a93b "kmod: introduce call_modprobe() helper"
(7) 1cc684ab "kmod: make __request_module() killable"
Description:
Since 2.6.11, an unprivileged local user can easily keep the system under
memory starvation state by temporarily disabling the OOM killer due to the OOM
killer deadlock. Although we haven't eliminated all of possible attack vectors,
this patchset can eliminate the most straightforward attack vector.
Notes:
(1) and (4) are optional. (4) depends on (1). (1) needs some corrections if we fsam7400/ fsam7400. c
backport. For example, (1) does not include fix for ubuntu/
in precise.git. Therefore, I think excluding (1) and (4) is a safer choice.
3.4-rc1 will include (4) anyway. Please make sure that all users (including fsam7400/ fsam7400. c) started using UMH_* constants.
ubuntu/