I've recently stumbled upon a security flaw in Linux. It affects Linux < 2.6.32-rc6. The problem is that when using the pipe_read_open(), pipe_write_open() or pipe_rdwr_open() functions while releasing a mutex (mutual exclusion) too early, in certain conditions, this causes a race condition, which allows the bad guy to have root access, and you know what happens next.
There are two fixes: One, backport a patch that fixes this issue to 2.6.31.6 and 2.6.30.2 (the former is the LFS Dev version, the latter, the 6.5 version, and for the 6.5 version, add an errata link to the patch) from here: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ad3960243e55320d74195fb85c975e0a8cc4466c. The other fix is to set mmap_min_addr to a value higher than 0, such as 65535, but that also causes wine, dosbox, and qemu to malfunction, so that's why I prefer the backported patch. Please, please, patch the kernel to fix this issue, and please stop LFS from being exploited.

--
William Immendorf
The ultimate in free computing.
Messages in plain text, please, no HTML.

"Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman
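The two conditions named in the message (a kernel release below 2.6.32-rc6, and mmap_min_addr left at 0) can be checked on a host with a short script. This is an added example, not part of the original message; the function names are hypothetical, and a release inside the range may already carry the backported patch, which a version string cannot show.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; thresholds come from the message above.

# in_affected_range RELEASE: succeeds when RELEASE sorts below 2.6.32-rc6.
# Only the first three version components and an optional -rcN are compared.
in_affected_range() {
    rel=$1
    base=${rel%%-*}               # "2.6.32" from "2.6.32-rc5"
    base=${base%%[!0-9.]*}        # drop suffixes such as "+"
    rc=99                         # a final release sorts above any -rcN
    case $rel in
        *-rc[0-9]*) rc=${rel#*-rc}; rc=${rc%%[!0-9]*} ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $base                  # split on dots into $1 $2 $3
    IFS=$old_ifs
    key=$(( ${1:-0} * 1000000 + ${2:-0} * 10000 + ${3:-0} * 100 + rc ))
    [ "$key" -lt 2063206 ]        # 2063206 is the key for 2.6.32-rc6
}

# assess RELEASE MMAP_MIN_ADDR: print one of
#   outside-range       release is 2.6.32-rc6 or later
#   in-range-floor-set  release in range, mmap_min_addr above 0
#   in-range-no-floor   release in range, mmap_min_addr is 0
# A release in range may still carry the backported patch; the version
# string alone cannot show that.
assess() {
    if ! in_affected_range "$1"; then
        echo outside-range
    elif [ "${2:-0}" -gt 0 ]; then
        echo in-range-floor-set
    else
        echo in-range-no-floor
    fi
}

# Live check on the running system (an unreadable sysctl is treated as 0).
assess "$(uname -r)" "$(cat /proc/sys/vm/mmap_min_addr 2>/dev/null || echo 0)"
```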