From: Roger Luethi <rl@hellgate.ch>
To: Rob Landley <rob@landley.net>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Interesting race condition...
Date: Fri, 30 Jul 2004 01:56:54 +0200
Message-ID: <20040729235654.GA19664@k3.hellgate.ch>
In-Reply-To: <200407222204.46799.rob@landley.net>

On Thu, 22 Jul 2004 22:04:46 -0500, Rob Landley wrote:
> I just saw a funky thing.  Here's the cut and paste from the xterm...
> 
> [root@(none) root]# ps ax | grep hack
>  9964 pts/1    R      0:00 grep hack HOSTNAME= SHELL=/bin/bash TERM=xterm HISTSIZE=1000 USER=root LS_COLORS=no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=
> [root@(none) root]# ps ax | grep hack
>  9966 pts/1    S      0:00 grep hack
> 
> Seems like some kind of race condition, dunno if it's in Fedora Core 1's ps
> or the 2.6.7 kernel or what...

If somebody posted a solution for this, I didn't see it. There's a race in
the kernel, and considering the permissions on /proc/PID/{cmdline,environ}
a security bug as well: If you win the race with a starting process, you
can read its environment.

This should plug the hole. Can you give it a spin?

Roger

--- linux-2.6.8-rc2-bk1/fs/proc/base.c.orig	2004-07-30 01:43:23.535967505 +0200
+++ linux-2.6.8-rc2-bk1/fs/proc/base.c	2004-07-30 01:43:27.428303752 +0200
@@ -329,6 +329,8 @@ static int proc_pid_cmdline(struct task_
 	struct mm_struct *mm = get_task_mm(task);
 	if (!mm)
 		goto out;
+	if (!mm->arg_end)
+		goto out;	/* Shh! No looking before we're done */
 
  	len = mm->arg_end - mm->arg_start;
  
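Review bot: the new `goto out` after the `!mm->arg_end` test skips releasing the mm reference that `get_task_mm(task)` took a few lines earlier; the existing `if (!mm) goto out;` is safe only because there is nothing to release at that point, so unless the `out:` label itself calls `mmput(mm)`, this early return leaks the mm on every racy read. Jump instead to a label that sits just before the function's `mmput(mm)` (e.g. an `out_mm:` placed ahead of `out:`), so the reference is dropped on this path too. Since the cover text points at both `/proc/PID/cmdline` and `/proc/PID/environ`, `proc_pid_environ` presumably has the same window before `env_end` is set and would want a matching check; this hunk only covers the cmdline reader.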
