[kernel-sec-discuss] r797 - active ignored

Moritz Muehlenhoff jmm at alioth.debian.org
Tue May 1 00:23:01 UTC 2007 

Author: jmm
Date: 2007-05-01 00:23:01 +0000 (Tue, 01 May 2007)
New Revision: 797

Added:
   ignored/CVE-2005-3527
Removed:
   active/CVE-2005-3527
Log:
moving to ignored, this is way too intrusive to backport


Deleted: active/CVE-2005-3527
===================================================================
--- active/CVE-2005-3527	2007-05-01 00:21:44 UTC (rev 796)
+++ active/CVE-2005-3527	2007-05-01 00:23:01 UTC (rev 797)
@@ -1,34 +0,0 @@
-Candidate: CVE-2005-3527
-References: 
- CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/davem/sparc-2.6.git;a=commitdiff;h=788e05a67c343fa22f2ae1d3ca264e7f15c25eaf
-Description:
- Race condition in signal handling
- Race condition in do_coredump in signal.c in Linux kernel 2.6 allows local
- users to cause a denial of service by triggering a core dump in one thread
- while another thread has a pending SIGSTOP
-Notes: 
- dannf> The changed code doesn't exist in 2.6.8.  That code was added later in:
-        http://linux.bkbits.net:8080/linux-2.6/cset@41db7d2cBjKGtCZDlUmwwo2dgMZ6Wg?nav=index.html|src/|src/kernel|related/kernel/signal.c
-        Its unclear to me whether or not that patch added the bug, or just made it
-        look different.
-        Applying all the prereq changes to get our code to resemble the fixed
-        code does not look feasible; there are a lot, and some add new features.
- horms> This specific problem seems to haev been introduced by the
-        changeset above. That changeset fixed a problem where STOP signals
-	weren't correctly canceled if SIGTERM or SIGCONT arrived.
-	However, that problem seems a lot more mild than CVE-2005-3527.
-	And I agree with dannf's analysis that backporting is too hard.
-	To support this, look at how many times STOP signal races
-	have been fixed since 2.6.8 and note that problems are still
-	being found.
- dannf> Same with 2.4.27.
- horms> I'm not entirely sure that 2.4.27 suffers from any of these
-	problems. But I think it is fair to say that if it does, 
-	backporting is too hard for the same reasons as 2.6.8.
-Bugs: 
-upstream: released (2.6.14)
-linux-2.6: N/A
-2.6.8-sarge-security: ignored (2.6.8-16sarge5)
-2.4.27-sarge-security: ignored (2.4.27-10sarge5)
-2.6.18-etch-security: N/A
-

Copied: ignored/CVE-2005-3527 (from rev 790, active/CVE-2005-3527)

More information about the kernel-sec-discuss mailing list