Re: Potential security hole in the kernel

Brett Frankenberger (rbf@rbfnet.com)
Mon, 28 May 2001 17:44:08 -0500 (CDT)


>
> Hi folks,
>
> Please correct me if I'm wrong, but it seems to me that I've stumbled on a
> really BIG security hole in the signal handling code.
> The problem IMO is that the signal handling code stores a processor context
> on the user-mode stack frame which is active while
> the signal handler is running. Then sys_sigreturn restores the context back
> from the user-mode stack...
> Suppose the signal handler modifies this context frame, for example by
> storing the address of the panic routine into the PC slot;
> then when the handler exits, panic will be called, with obvious results.
>
> Please CC your comments to me directly as I'm not subscribed to this list.
>
> Vadim Lebedev
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
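The frame rewrite the quoted post describes, as an added example that is not part of the thread: the handler overwrites the program-counter slot of the kernel-built signal frame with a user-space address (and, on x86-64, realigns the saved stack pointer), and the kernel's sigreturn path resumes execution there. Only the user-visible register state is taken from that frame; the privilege level is not, so the kernel resumes the process in user mode whatever the PC slot contains, and a kernel address written there faults instead of running kernel code. The function and variable names are mine, and the code assumes Linux with glibc on x86-64 or aarch64.

```c
#define _GNU_SOURCE               /* REG_RIP and friends in <sys/ucontext.h> */
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <ucontext.h>

static sigjmp_buf resume_point;
static volatile sig_atomic_t landed;

/* Runs in user mode after sigreturn, because the handler pointed the saved PC here. */
static void landing_pad(void)
{
    landed = 1;
    siglongjmp(resume_point, 1);  /* the interrupted stack is not ours to return on */
}

/* The kernel-built frame is ordinary user memory: rewrite its PC slot. */
static void handler(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = ctx;
    (void)sig; (void)si;
#if defined(__x86_64__)
#ifndef REG_RIP
#define REG_RIP 16                /* indices used by glibc's <sys/ucontext.h> */
#define REG_RSP 15
#endif
    uc->uc_mcontext.gregs[REG_RIP] = (greg_t)landing_pad;
    /* mimic a call boundary so landing_pad sees a normally aligned stack */
    uc->uc_mcontext.gregs[REG_RSP] = (uc->uc_mcontext.gregs[REG_RSP] & ~(greg_t)15) - 8;
#elif defined(__aarch64__)
    uc->uc_mcontext.pc = (unsigned long)landing_pad;
#endif
}

/* Returns 1 if sigreturn resumed at the user-chosen PC, 0 if not, -1 on error. */
int sigreturn_redirect_demo(void)
{
    struct sigaction sa;
    landed = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) != 0)
        return -1;
    if (sigsetjmp(resume_point, 1) == 0)
        raise(SIGUSR1);           /* kernel returns via sigreturn with our PC */
    return landed;
}
```

Call sigreturn_redirect_demo() from a main() of your own; it returns 1 on the two architectures above, and 0 elsewhere because the frame is left untouched.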
