[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: kernel: tty: release_one_tty() forgets
From:       Eugene Teo <eugene () redhat ! com>
Date:       2010-04-27 7:06:49
Message-ID: 4BD68D09.9050803 () redhat ! com
[Download RAW message or body]

On 04/27/2010 02:45 PM, Eren Türkay wrote:
> On Thu, Apr 15, 2010 at 08:44:53AM +0800, Eugene Teo wrote:
>> pgrp member in struct tty_struct was converted to struct pid in
>> commit ab521dc0, so kernels of version v2.6.26-rc1 and above are
>> affected by this.
>
> FYI. We use v2.6.25.20 in one of our products. As far as I see from
> include/linux/tty.h in 2.6.25 archive that pgrp member in tty_struct is already converted
> to "struct pid". I haven't checked the older kernel releases but this
> issue exists in 2.6.25. It would be very helpful if someone checked
> older kernel releases to correctly determine which releases are vulnerable.

Happy to know that someone reads this :) You spotted a typo.

Upstream ab521dc0 was introduced in v2.6.21-rc1.

commit ab521dc0f8e117fd808d3e425216864d60390500
Author: Eric W. Biederman <ebiederm@xmission.com>
Date:   Mon Feb 12 00:53:00 2007 -0800

     [PATCH] tty: update the tty layer to work with struct pid
[...]

@@ -197,8 +197,8 @@ struct tty_struct {
         struct mutex termios_mutex;
         struct ktermios *termios, *termios_locked;
         char name[64];
-       int pgrp;
-       int session;
+       struct pid *pgrp;

Thanks, Eugene
[prev in list] [next in list] [prev in thread] [next in thread]