Re: Fix prctl privilege escalation (CVE-2006-2451)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Already fixed since 07/06/2006:

http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=0af184bb9f80edfbb94de46cb52e9592e5a547b0
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commitdiff;h=0af184bb9f80edfbb94de46cb52e9592e5a547b0;hp=52cbb7b78994ea3799f1bbb8c03bce1e2f72a271

On Wed, 2006-07-12 at 13:12 +0200, Marcel Holtmann wrote:
> Hi Linus,
> 
> attached is the fix with full explanation for CVE-2006-2451. It fixes a
> possible privilege escalation through the prctl() system call.
> 
> I also put Michael Kerrisk on CC, because the manual page of prctl()
> needs adjustment. The value 2 for the PR_SET_DUMPABLE flag is no longer
> valid after this patch. The only way to get root-owned core dumps is
> through /proc/sys/fs/suid_dumpable and the manual page should reflect
> that.
> 
> Regards
> 
> Marcel

-- 
Micskó Gábor
HP APS, AIS, ASE
Szintézis ZRt.
H-9023 Győr, Tihanyi Á. u. 2.
Tel: +36 96 502 216
Fax: +36 96 318 658
E-mail: [email protected]

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux