Message-ID: <20111227172604.GA11555@albatros>
Date: Tue, 27 Dec 2011 21:26:04 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: Eugene Teo <eteo@...hat.com>
Cc: kseifried@...hat.com, oss-security@...ts.openwall.com,
	Moritz Muehlenhoff <jmm@...ian.org>
Subject: Re: Status of two Linux kernel issues w/o CVE
 assignments

Hi,

On Sun, Dec 25, 2011 at 05:53 +0800, Eugene Teo wrote:
> >> 2: /proc/$PID/{sched,schedstat} information leak
> >> Vasiliy Kulikov of OpenWall posted a demo exploit.
> >> http://openwall.com/lists/oss-security/2011/11/05/3
> >>
> >> AFAICS no CVE ID was assigned to this?
...
> IIRC, it's an issue but there's no resolution as existing code may break.
> 
> There are also,
> /proc/{interrupts, stat}
> https://lkml.org/lkml/2011/11/7/340
> 
> /dev/pts/, /dev/tty*
> https://lkml.org/lkml/2011/11/7/355

Correct, neither of these is fixed yet :-(


The /proc/$pid/* vuln will be fixed in the following patch series by introducing
a restricted procfs permission mode:

https://lkml.org/lkml/2011/11/19/41
https://lkml.org/lkml/2011/12/11/62

Currently these series are in the -mm tree.

Thanks,

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
