Re: Verification of SYScall changes because of CVE-2009-0029

From: Christian Borntraeger
Date: Thu Oct 21 2010 - 17:46:43 EST


Am 21.10.2010 07:40, schrieb Mitchell Erblich:
> The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips
> 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly
> sign extended when sent from a user-mode application, but cannot verify this, which
> allows local users to cause a denial of service (crash) or possibly gain privileges
> via a crafted system call.
>
> Has anyone been able to verify (a program that exploits this issue) ?

I found the problem with crashme and I was able to reduce the test to a
5-line C program - so yes, the problem can happen for real. The thing is
that this was no generic exploit; the problem from the testcase existed
only with a specific gcc, kernel, syscall and architecture, but there might
be others - we don't know. So sorry, there is no generic test case that
checks if the problem is fixed.

Christian


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
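The mechanism behind the CVE text quoted above, as an added simulation that is not Christian's 5-line testcase and not kernel code: on the affected 64-bit ABIs the caller must sign-extend a 32-bit argument into the full 64-bit register, so the compiler on the kernel side may use either the 32-bit or the 64-bit view of that register and assume they agree. If user space hands over a register whose upper 32 bits are garbage, a range check done on one view and an index computed on the other no longer refer to the same number. The "wrapped" variant mirrors the approach the kernel adopted for the fix (every argument is taken as a long by the wrapper and cast to its declared type before the real handler runs). The table, its size and the function names are constructed for this example; both views are written out explicitly so the result does not depend on the host compiler's own choices.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy "kernel" table, indexed by a 32-bit descriptor that
 * user space passes in a 64-bit register. Sizes/names are made up. */
#define TABLE_SIZE 8
static const int table[TABLE_SIZE] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Pre-fix pattern: the ABI promises the upper 32 bits of `reg` are a
 * sign extension of the lower 32, so the compiler is free to range-check
 * the 32-bit view and index with the 64-bit view. Returns the index the
 * handler would actually use, or -1 if the check rejected the argument.
 * The table itself is deliberately not dereferenced with the result. */
static int64_t unverified_handler(uint64_t reg)
{
    int32_t fd32 = (int32_t)(uint32_t)reg;   /* 32-bit view: range check */
    if (fd32 < 0 || fd32 >= TABLE_SIZE)
        return -1;
    return (int64_t)reg;                     /* 64-bit view: the index */
}

/* The real handler with its declared 32-bit parameter: once the argument
 * arrives as a proper int, check and index are the same value. */
static int64_t handler_impl(int32_t fd)
{
    if (fd < 0 || fd >= TABLE_SIZE)
        return -1;
    return fd;
}

/* Post-fix pattern: the entry wrapper receives the raw register and casts
 * it to the declared type, which discards the upper 32 bits and
 * re-extends from bit 31 before handler_impl() sees it. */
static int64_t wrapped_handler(uint64_t reg)
{
    return handler_impl((int32_t)(uint32_t)reg);
}

/* Convenience: does an index returned by a handler stay inside the table? */
static int index_in_bounds(int64_t idx)
{
    return idx >= 0 && idx < TABLE_SIZE;
}

int main(void)
{
    /* Well-formed argument: fd 3, upper bits correctly sign-extended. */
    uint64_t good = 0x0000000000000003ULL;
    /* Crafted arguments: low 32 bits still say 3, upper bits are garbage. */
    uint64_t bad_pos = 0x0000000100000003ULL;
    uint64_t bad_neg = 0xFFFFFFFF00000003ULL;

    printf("table has %d slots\n", TABLE_SIZE);
    printf("unverified: good=%lld bad_pos=%lld bad_neg=%lld\n",
           (long long)unverified_handler(good),
           (long long)unverified_handler(bad_pos),
           (long long)unverified_handler(bad_neg));
    printf("wrapped:    good=%lld bad_pos=%lld bad_neg=%lld\n",
           (long long)wrapped_handler(good),
           (long long)wrapped_handler(bad_pos),
           (long long)wrapped_handler(bad_neg));
    return table[0] == 10 ? 0 : 1;
}
```

The crafted registers pass the 32-bit check in unverified_handler() yet yield an index far outside the table (positive or negative), which is the crash-or-worse the CVE text describes; wrapped_handler() collapses all three inputs to index 3. A real exploit additionally depends on which view gcc chose for which operation in a given kernel build, which is why, as Christian says, there is no single generic testcase.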