[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
From: "pinto.elia () gmail ! com" <pinto ! elia () gmail ! com>
Date: 2012-04-20 11:56:28
Message-ID: 4f914ef0.c5b70e0a.01bd.71c6 () mx ! google ! com
[Download RAW message or body]
----Messaggio originale----
Da: Andrew Morton
Inviato: 20/04/2012, 00:04
A: Marcus Meissner
Cc: OSS Security List; security@kernel.org; Sukadev Bhattiprolu; Serge Hallyn; Eric W. Biederman; Pavel Emelyanov
Oggetto: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1
(cc's added)
On Thu, 19 Apr 2012 23:48:20 +0200
Marcus Meissner <meissner@suse.de> wrote:
> Hi,
>
> we had a user, Vadim Ponomarev (ccrssaa at karelia.ru), report a pid
> namespace leak caused by vsftpd.
>
> https://bugzilla.novell.com/show_bug.cgi?id=757783
>
> He provided a simple reproducer:
>
> #include <stdio.h>
> #include <errno.h>
> #include <signal.h>
> #include <sched.h>
> #include <linux/sched.h>
> #include <unistd.h>
> #include <sys/syscall.h>
>
> int main(int argc, char *argv[])
> {
> int i, ret;
>
> for (i = 0; i < 10000; i++) {
>
> if (0 == (ret = syscall(__NR_clone, CLONE_NEWPID | CLONE_NEWIPC |
> CLONE_NEWNET | SIGCHLD, NULL)))
> return 0;
>
> if (-1 == ret) {
> perror("clone");
> break;
> }
>
> }
> return 0;
> }
>
>
> and checking "cat /proc/slabinfo|grep pid_namespace"
> gives 10000 more active slots after running it on 3.0.13 (+SUSE patches) and 3.1.10 (+SUSE patches).
>
>
> Running this on 3.2.0 (+SUSE Patches) did not result in more slots, so it was probably
> fixed between 3.1 and 3.2 (but someone else cross check perhaps).
>
> Any idea welcome on which patch fixed this, I tried 1b26c9b334044cff6d1d2698f2be41bc7d9a0864
> but it seems not helping.
>
> Ciao, Marcus
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic