Re: Interesting race condition...

From: Marc Ballarin
Date: Fri Jul 30 2004 - 03:28:25 EST


On Fri, 30 Jul 2004 01:56:54 +0200
Roger Luethi <rl@xxxxxxxxxxx> wrote:

> If somebody posted a solution for this, I didn't see it. There's a race
> in the kernel, and considering the permissions on
> /proc/PID/{cmdline,environ} a security bug as well: If you win the race
> with a starting process, you can read its environment.
>
> This should plug the hole. Can you give it a spin?
>
> Roger
>
> --- linux-2.6.8-rc2-bk1/fs/proc/base.c.orig 2004-07-30 01:43:23.535967505 +0200
> +++ linux-2.6.8-rc2-bk1/fs/proc/base.c 2004-07-30 01:43:27.428303752 +0200
> @@ -329,6 +329,8 @@ static int proc_pid_cmdline(struct task_
> struct mm_struct *mm = get_task_mm(task);
> if (!mm)
> goto out;
> + if (!mm->arg_end)
> + goto out; /* Shh! No looking before we're done */
>
> len = mm->arg_end - mm->arg_start;
>
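Review bot: the added `goto out` jumps to the same label the `!mm` case uses, but at that point get_task_mm() has already returned an mm with a reference held, so this early exit skips the mmput() that the normal path does and leaks the mm reference on every read that hits the guard; jump to a label that releases it first, e.g. `goto out_mm;` with `out_mm: mmput(mm);` placed ahead of `out:`. Two smaller points: `mm->arg_end` is read without any lock here, so a non-zero value only shows that exec had finished setting up the argument area at the instant of the test (adequate as a guard against the race described, but not a synchronization), and since the hole is described as covering both /proc/PID/cmdline and /proc/PID/environ, proc_pid_environ needs the equivalent check on `env_end` or the environment side stays readable.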

Yes, this seems to fix it. First I replaced "goto out" with a printk, and
the printks matched the occurrence of the bug.
However, I got multiple printks per bug (between 2 and 7). Is that
supposed to happen?

Anyway, I've added back the "goto out" (after printk), and the bug no
longer occurs. The printk still happens, so this code path does get hit.


Regards, and thanks for the fix