> The problem is with a broken signal handler, that moves the stack
> pointer to nirvana. You get a signal, set up the signal stack, move
> the pointer to nirvana, get a signal, set up the signal stack, move
> the pointer to nirvana, get a signal, ...
You can get the same effect by doing kill(0, SIGINT) inside a handler
for SIGINT. All you seem to be saying is "if you behave stupidly then
bad things happen to you". I don't see that this example exposes any
bug or vulnerability in the kernel.
> If I was just going down the signal stack, I would be perfectly happy,
> but instead the kernel believes each signal is the very first on the
> signal stack and sets it up again (and again...) each time.
You had to go to some trouble to get this effect - you had to use an
asm statement to change the stack pointer, which is well and truly
into "undefined behaviour" territory, and so you deserve all you
get. :) It's a very contrived example IMHO.
Paul.
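The behaviour both posters are arguing about (the kernel decides whether a signal frame goes onto the alternate stack by looking at where the stack pointer currently is, and reports that decision through SS_ONSTACK) can be observed without any inline asm. The program below is an added illustration, not code from this thread: it installs an alternate signal stack, raises SIGUSR1 with and without SA_ONSTACK, and has the handler query sigaltstack() to see which stack it was placed on. The function names run_probe and on_altstack_now and the 64 KiB stack size are this example's own choices.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define ALT_SIZE (64 * 1024)   /* assumed size; larger than any MINSIGSTKSZ we expect */

/* Set by the handler: 1 = ran on the alternate stack, 0 = ran on the normal
 * stack, negative = sigaltstack() query failed. sig_atomic_t keeps the
 * write safe from handler context. */
static volatile sig_atomic_t seen_on_altstack = -1;

static void probe_handler(int sig)
{
    (void)sig;
    stack_t cur;
    /* sigaltstack(NULL, &old) only queries; it is async-signal-safe. The
     * kernel reports SS_ONSTACK iff the stack pointer at the time of the
     * call lies inside [ss_sp, ss_sp + ss_size). That range check is also
     * what decides whether the next signal frame starts at the top of the
     * alternate stack again or is pushed below the current frame. */
    if (sigaltstack(NULL, &cur) == 0)
        seen_on_altstack = (cur.ss_flags & SS_ONSTACK) ? 1 : 0;
    else
        seen_on_altstack = -2;
}

/* Query from ordinary (non-handler) context: expected to report 0, since
 * the stack pointer is on the process's normal stack. Returns -1 if no
 * alternate stack is configured or the query fails. */
int on_altstack_now(void)
{
    stack_t cur;
    if (sigaltstack(NULL, &cur) != 0)
        return -1;
    if (cur.ss_flags & SS_DISABLE)
        return -1;
    return (cur.ss_flags & SS_ONSTACK) ? 1 : 0;
}

/* Install an alternate stack, deliver SIGUSR1 to ourselves with or without
 * SA_ONSTACK, and report where the handler ran. Restores the previous
 * disposition and disables the alternate stack before returning. */
int run_probe(int use_altstack)
{
    stack_t ss, old_ss;
    struct sigaction sa, old_sa;
    int result;

    ss.ss_sp = malloc(ALT_SIZE);
    if (ss.ss_sp == NULL)
        return -3;
    ss.ss_size = ALT_SIZE;
    ss.ss_flags = 0;
    if (sigaltstack(&ss, &old_ss) != 0) {
        free(ss.ss_sp);
        return -4;
    }

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = probe_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = use_altstack ? SA_ONSTACK : 0;
    if (sigaction(SIGUSR1, &sa, &old_sa) != 0) {
        free(ss.ss_sp);
        return -5;
    }

    seen_on_altstack = -1;
    raise(SIGUSR1);           /* single-threaded: handler runs before raise() returns */
    result = seen_on_altstack;

    /* Clean up: restore the old handler, disable the alternate stack (we are
     * no longer on it, so SS_DISABLE is permitted), then release the memory. */
    sigaction(SIGUSR1, &old_sa, NULL);
    ss.ss_flags = SS_DISABLE;
    sigaltstack(&ss, NULL);
    free(ss.ss_sp);
    return result;
}

int main(void)
{
    printf("SA_ONSTACK set:   handler on alt stack = %d\n", run_probe(1));
    printf("SA_ONSTACK clear: handler on alt stack = %d\n", run_probe(0));
    return 0;
}
```

Run on Linux it prints 1 for the SA_ONSTACK case and 0 otherwise. The range check inside the kernel is the whole story behind the original complaint: a handler that leaves the alternate stack's address range before the next signal arrives looks, to the kernel, exactly like code that was never on the signal stack, so the next frame is placed at the top of the alternate stack again.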