Re: mremap() bug IMHO not in 2.2

From: Linus Torvalds
Date: Mon Jan 05 2004 - 18:44:06 EST

Next message: James Simmons: "Re: Blank Screen in 2.6.0"
Previous message: James Simmons: "Re: 2.6.0 problems"
In reply to: Petr Baudis: "mremap() bug IMHO not in 2.2"
Next in thread: Valdis . Kletnieks: "Re: mremap() bug IMHO not in 2.2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 5 Jan 2004, Petr Baudis wrote:
>
> Actually, after looking at the code again, I'm now quite convinced 2.2
> has not this particular vulnerability. In order for the exploit to work,
> you'd need mremap() to relocate you.

Can somebody tell me (in private) what the exploit is in the first place?

The thing is, I can see the VM getting confused and creating a zero-sized
vma, and I agree that it shouldn't do that. The fix is trivial. But I
don't see where the claimed privilege escalation comes from. A zero-sized
vma isn't ever going to be _useful_, since nothing will actually find it.

So yes, it creates some confusion in the VM layer, but it all seems
benign. It's clearly a bug, but where does the security problem come in?

Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Simmons: "Re: Blank Screen in 2.6.0"
Previous message: James Simmons: "Re: 2.6.0 problems"
In reply to: Petr Baudis: "mremap() bug IMHO not in 2.2"
Next in thread: Valdis . Kletnieks: "Re: mremap() bug IMHO not in 2.2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]