Re: BK2CVS problem

From: Tomas Szepe
Date: Wed Nov 05 2003 - 19:58:03 EST

Next message: Pete Zaitcev: "Re: [CHECKER] 32 Memory Leaks on Error Paths"
Previous message: Russell Whitaker: "kernel-2.6-test9 & mouse"
In reply to: Larry McVoy: "Re: BK2CVS problem"
Next in thread: Andreas Dilger: "Re: BK2CVS problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Nov-05 2003, Wed, 15:03 -0800
Larry McVoy <lm@xxxxxxxxxxxx> wrote:

> > > > + if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
> > > > + retval = -EINVAL;
> > >
> > > That looks odd
> >
> > Setting current->uid to zero when options __WCLONE and __WALL are set? The
> > retval is dead code because of the next line, but it looks like an attempt
> > to backdoor the kernel, does it not?
>
> It sure does. Note "current->uid = 0", not "current->uid == 0".
> Good eyes, I missed that. This function is sys_wait4() so by passing in
> __WCLONE|__WALL you are root. How nice.

Also note the extra parentheses to avoid a gcc warning.

--
Tomas Szepe <szepe@xxxxxxxxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pete Zaitcev: "Re: [CHECKER] 32 Memory Leaks on Error Paths"
Previous message: Russell Whitaker: "kernel-2.6-test9 & mouse"
In reply to: Larry McVoy: "Re: BK2CVS problem"
Next in thread: Andreas Dilger: "Re: BK2CVS problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]