Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4F90F0D2.3000300@parallels.com>
Date: Fri, 20 Apr 2012 09:14:58 +0400
From: Pavel Emelyanov <xemul@...allels.com>
To: Eugene Teo <eugeneteo@...nel.sg>
CC: "Eric W. Biederman" <ebiederm@...ssion.com>,
        Marcus Meissner <meissner@...e.de>,
        OSS Security List <oss-security@...ts.openwall.com>,
        "security@...nel.org" <security@...nel.org>,
        Sukadev Bhattiprolu <sukadev@...ibm.com>,
        Serge Hallyn <serge.hallyn@...onical.com>
Subject: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1

On 04/20/2012 07:10 AM, Eugene Teo wrote:
>> So we know what is holding the pid namespace reference.
>>
>> Additional thoughts.
>>
>> Does echo 3 > /proc/sys/vm/drop_caches clear up the issue?
> 
> No.
> 
>> Is there a corresponding task_struct leak?
> 
> Yes.
> 
>> I don't have much of a clue or much concern as this seems fixed in later kernels but I am happy to suggest things to look for to help narrow this down.
> 
> I'm helping to provide more information.

Is there also a vfsmount struct leak as well? The pidns creating implies
kern-mount-ing of a proc and it should be released when child reaper of
the namespace dies.

> Thanks, Eugene
> .
> 

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.