From: Roger Luethi <rl@hellgate.ch>
To: Rob Landley <rob@landley.net>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Interesting race condition...
Date: Fri, 30 Jul 2004 01:56:54 +0200
Message-ID: <20040729235654.GA19664@k3.hellgate.ch>
In-Reply-To: <200407222204.46799.rob@landley.net>
On Thu, 22 Jul 2004 22:04:46 -0500, Rob Landley wrote:
> I just saw a funky thing. Here's the cut and paste from the xterm...
>
> [root@(none) root]# ps ax | grep hack
> 9964 pts/1 R 0:00 grep hack HOSTNAME= SHELL=/bin/bash TERM=xterm HISTSIZE=1000 USER=root LS_COLORS=no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=
> [root@(none) root]# ps ax | grep hack
> 9966 pts/1 S 0:00 grep hack
>
> Seems like some kind of race condition, dunno if it's in Fedora Core 1's ps
> or the 2.6.7 kernel or what...
If somebody posted a solution for this, I didn't see it. There's a race in
the kernel, and considering the permissions on /proc/PID/{cmdline,environ}
a security bug as well: If you win the race with a starting process, you
can read its environment.
This should plug the hole. Can you give it a spin?
Roger
--- linux-2.6.8-rc2-bk1/fs/proc/base.c.orig 2004-07-30 01:43:23.535967505 +0200
+++ linux-2.6.8-rc2-bk1/fs/proc/base.c 2004-07-30 01:43:27.428303752 +0200
@@ -329,6 +329,8 @@ static int proc_pid_cmdline(struct task_
struct mm_struct *mm = get_task_mm(task);
if (!mm)
goto out;
+ if (!mm->arg_end)
+ goto out; /* Shh! No looking before we're done */
len = mm->arg_end - mm->arg_start;
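Review bot: the new early exit `if (!mm->arg_end) goto out;` jumps to the same label as the `if (!mm)` case, but by then get_task_mm() has already succeeded and taken a reference on the mm, so this path returns without dropping it; the guard should jump to a label placed after the normal path's mmput(mm) (an `out_mm:` label, say) rather than to `out`. Also, the description says both /proc/PID/cmdline and environ leak, while the only hunk shown guards proc_pid_cmdline; the environ reader needs the matching check on its own end marker (mm->env_end) if that is not already in the full patch.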
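The symptom Rob pasted is a /proc/PID/cmdline reading whose argv is followed by KEY=VALUE strings from the environment block that sits right after argv on the process stack. The following is an added example, not code from this thread or from the kernel: a small parser for the NUL-separated cmdline format plus a heuristic that flags readings whose argv ends in a run of environment-style strings, the way a monitoring script or a regression test for this bug would. The sample byte strings are constructed to mimic the report, the `suspicious()` threshold is an assumption, and `scan_proc()` just applies the check to a live /proc tree on a Linux host.

```python
import os
import re
from typing import List

# Constructed sample readings of /proc/<pid>/cmdline (not captured from a real system).
# A healthy reading: each argv string terminated by NUL.
SAMPLE_OK = b"grep\x00hack\x00"
# The symptom from the report: argv followed by KEY=VALUE strings, i.e. the read
# ran past the end of argv into the adjacent environment block.
SAMPLE_LEAKED = (b"grep\x00hack\x00HOSTNAME=\x00SHELL=/bin/bash\x00"
                 b"TERM=xterm\x00HISTSIZE=1000\x00USER=root\x00")

# Shape of an environment string: identifier, then '='.
_ENV_TOKEN = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")


def parse_cmdline(raw: bytes) -> List[str]:
    """Split a /proc/<pid>/cmdline reading into its argv strings.

    Every argument is NUL-terminated, so the split leaves a trailing empty
    element that is dropped here. An empty reading yields an empty argv.
    """
    parts = raw.split(b"\x00")
    if parts and parts[-1] == b"":
        parts.pop()
    return [p.decode("utf-8", errors="replace") for p in parts]


def environment_like(argv: List[str]) -> List[str]:
    """Return the trailing run of argv entries that look like KEY=VALUE strings.

    Only a trailing run is reported: a single FOO=bar argument passed on purpose
    (to env(1), grep, make, ...) is not by itself evidence of an over-read, and an
    over-read past argv can only ever show up at the end of the reading.
    """
    tail: List[str] = []
    for arg in reversed(argv):
        if _ENV_TOKEN.match(arg):
            tail.append(arg)
        else:
            break
    return list(reversed(tail))


def suspicious(raw: bytes, min_run: int = 2) -> bool:
    """Heuristic (assumed threshold): flag a reading whose argv ends in at least
    `min_run` environment-style strings."""
    return len(environment_like(parse_cmdline(raw))) >= min_run


def scan_proc(proc_root: str = "/proc") -> List[int]:
    """Apply the check to every process visible under proc_root (Linux only).

    Processes that vanish or are unreadable mid-scan are skipped; the result is
    the list of PIDs whose cmdline currently looks like it spilled into environ.
    """
    flagged: List[int] = []
    if not os.path.isdir(proc_root):
        return flagged
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:
            continue
        if suspicious(raw):
            flagged.append(int(entry))
    return flagged


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("leaked", SAMPLE_LEAKED)):
        print(label, parse_cmdline(sample), "->", suspicious(sample))
    print("live /proc:", scan_proc())
```

The heuristic deliberately keys on the position of the KEY=VALUE run rather than on any particular variable name, since the over-read in the report starts exactly where argv ends; it will still miss an environment that happens to begin with a value containing no '=', and will produce a false positive for a command genuinely invoked with two or more trailing KEY=VALUE arguments, so treat a hit as something to inspect, not as proof.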