Full Disclosure mailing list archives
Re: Linux kernel file offset pointer races
From: Andrew Farmer <andfarm () teknovis com>
Date: Wed, 4 Aug 2004 15:42:13 -0700
On 4 Aug 2004, at 03:22, Paul Starzetz wrote:
> Synopsis: Linux kernel file offset pointer handling
> Product: Linux kernel
> Version: 2.4 up to and including 2.4.26, 2.6 up to and including 2.6.7
> Vendor: http://www.kernel.org/
> URL: http://isec.pl/vulnerabilities/isec-0016-procleaks.txt
> CVE: CAN-2004-0415
> Author: Paul Starzetz <ihaquer () isec pl>
> Date: Aug 04, 2004
>
> Issue:
> ======
>
> A critical security vulnerability has been found in the Linux kernel
> code handling 64bit file offset pointers.

...

Even discounting the mangling in this posting, the code doesn't work as advertised under 2.6.7. I've tried a number of different scenarios: multiple machines, slow storage, fast storage, large files, small files - but _llseek(pfd, 0, 0, &off, SEEK_CUR) doesn't fail. Is this just because I'm stupid or because the code supplied is incorrect?

Furthermore, mtrr_read doesn't seem to exist anywhere in the Linux kernel, at least not by that name. The function in question would probably exist in linux/arch/i386/kernel/cpu/mtrr/if.c, but there's nothing of the sort in there. Heck, the kernel code shown isn't even VALID. My fault or Paul's?
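As an added example (not code from the original post or from the advisory it quotes), a small C probe that issues the same 64-bit SEEK_CUR the reply tests and reports whether it fails, so the check can be repeated against any path. The 32-bit path uses the _llseek syscall named in the reply; the lseek(2) fallback on 64-bit builds and the default /proc/self/status target are this example's own assumptions.

```c
/* Added example, not from the original post or the isec advisory:
 * perform the 64-bit SEEK_CUR probe the reply describes on an open
 * descriptor and report whether it fails.
 *
 * On 32-bit Linux the kernel entry point is the _llseek syscall
 * (fd, offset_high, offset_low, &result, whence), which is the call
 * quoted in the reply. On 64-bit builds SYS__llseek is not defined;
 * off_t is already 64 bits wide there, so lseek(2) is used instead
 * (that fallback is an assumption of this example). */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 and stores the current file position in *off on success,
 * or -1 with errno set (ESPIPE for pipes and sockets; EINVAL or
 * ESPIPE when the file's own llseek handler rejects the request). */
int probe_seek_cur(int fd, long long *off)
{
#ifdef SYS__llseek
    long long result = 0;
    if (syscall(SYS__llseek, fd, 0UL, 0UL, &result, SEEK_CUR) < 0)
        return -1;
    *off = result;
    return 0;
#else
    off_t pos = lseek(fd, 0, SEEK_CUR);
    if (pos == (off_t)-1)
        return -1;
    *off = (long long)pos;
    return 0;
#endif
}

/* Opens path read-only, runs the probe and prints the outcome.
 * Returns 0 if the seek succeeded, -1 if open or the seek failed. */
int probe_path(const char *path, long long *off)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) {
        printf("%s: open failed: %s\n", path, strerror(errno));
        return -1;
    }
    int rc = probe_seek_cur(fd, off);
    if (rc == 0)
        printf("%s: SEEK_CUR succeeded, offset %lld\n", path, *off);
    else
        printf("%s: SEEK_CUR failed: %s\n", path, strerror(errno));
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    /* With no arguments probe one procfs file (assumed default);
     * otherwise probe every path given on the command line. */
    const char *fallback[] = { "/proc/self/status" };
    const char **paths = argc > 1 ? (const char **)argv + 1 : fallback;
    int n = argc > 1 ? argc - 1 : 1;
    int failures = 0;
    long long off;

    for (int i = 0; i < n; i++)
        if (probe_path(paths[i], &off) != 0)
            failures++;
    return failures ? 1 : 0;
}
```

Run it with the paths to probe as arguments; a non-zero exit means at least one open or seek failed. A pipe or socket descriptor fails with ESPIPE, which serves as the control case showing the probe itself reports failures correctly.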
Current thread:
- Linux kernel file offset pointer races Paul Starzetz (Aug 04)
- Re: Linux kernel file offset pointer races Andrew Farmer (Aug 04)
- Re: Linux kernel file offset pointer races Pavel Kankovsky (Aug 05)
- Re: Linux kernel file offset pointer races Andrew Farmer (Aug 04)