Another thing I noticed was that futex_offset on the surface looks like
a malicious users dream variable .. I didn't notice security addressed
at all in your initial write up . I was told it was a big topic at last
years OLS .. In your write up you did say you corrupted the
robust_list , but did you corrupt the offset? Is this even a concern?
Daniel
On Thu, 2006-02-16 at 10:41 +0100, Ingo Molnar wrote:
> This is release -V3 of the "lightweight robust futexes" patchset. The
> patchset can also be downloaded from:
>
> http://redhat.com/~mingo/lightweight-robust-futexes/
>
> Changes since -V2:
>
> Ulrich Drepper ran the code through more glibc testcases, which
> unearthed a couple of bugs:
>
> - fixed bug in the i386 and x86_64 assembly code (Ulrich Drepper)
>
> - fixed bug in the list walking futex-wakeups (found by Ulrich Drepper)
>
> - race fix: do not bail out in the list walk when the list_op_pending
> pointer cannot be followed by the kernel - another userspace thread
> may have already destroyed the mutex (and unmapped it), before this
> thread had a chance to clear the field.
>
> - cleanup: renamed list_add_pending to list_op_pending. (the field is
> used for list removals too)
>
> Ingo
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]