'Re: [oss-security] CVE request - kernel: xfs swapext ioctl issue'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request - kernel: xfs swapext ioctl issue
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-06-18 15:27:15
Message-ID: 1915220118.620201276874835970.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

Please use CVE-2010-2226 for this.

Thanks.

-- 
    JB

----- "Eugene Teo" <eugeneteo@kernel.sg> wrote:

> User "foo" can use the SWAPEXT ioctl to swap a write-only file owned
> by 
> user "bar" into a file owned by "foo" and subsequently reading it. It
> 
> does so by checking that the file descriptors passed to the ioctl are
> 
> also opened for reading.
> 
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=605158
> http://archives.free.net.ph/message/20100616.130710.301704aa.en.html
> http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html
> 
> Thanks, Eugene
> -- 
> main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i);
> }
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic