Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4A78E903.40203@redhat.com>
Date: Wed, 05 Aug 2009 10:05:55 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>, jon@...rheide.org
Subject: Re: CVE request - kernel: information leak in sigaltstack

Eugene Teo wrote:
> do_sigaltstack: avoid copying 'stack_t' as a structure to user space
> 
> Ulrich Drepper correctly points out that there is generally padding in
> the structure on 64-bit hosts, and that copying the structure from
> kernel to user space can leak information from the kernel stack in those
> padding bytes.
> 
> Avoid the whole issue by just copying the three members one by one
> instead, which also means that the function also can avoid the need for
> a stack frame. This also happens to match how we copy the new structure
> from user space, so it all even makes sense.
> 
> Upstream commit:
> http://git.kernel.org/linus/0083fc2c50e6c5127c2802ad323adf8143ab7856
> 
> Reference:
> https://bugzilla.redhat.com/show_bug.cgi?id=515392

Reproducer:
http://milw0rm.com/exploits/9352

Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.