[kernel] r5625 - patch-tracking
Dann Frazier
dannf at costa.debian.org
Sun Jan 29 23:36:15 UTC 2006
Author: dannf
Date: Sun Jan 29 23:36:14 2006
New Revision: 5625
Modified:
patch-tracking/CVE-2005-0178
Log:
mark 2.4 unaffected
Modified: patch-tracking/CVE-2005-0178
==============================================================================
--- patch-tracking/CVE-2005-0178 (original)
+++ patch-tracking/CVE-2005-0178 Sun Jan 29 23:36:14 2006
@@ -11,16 +11,20 @@
Race condition in the setsid function in Linux before 2.6.8.1 allows local
users to cause a denial of service (crash) and possibly access portions of
kernel memory, related to TTY changes, locking, and semaphores.
-Notes:
+Notes:
+ dannf> Alan Cox suggested that this is not a 2.4 issue:
+ Alan> Is it actually needed for 2.4. In the 2.4 case your controlling tty is
+ Alan> private not thread group so a setsid() can't race because you can't
+ Alan> setsid in the same thread as is opening current->tty.
Bugs:
upstream: released (2.6.8.1, 2.6.11)
linux-2.6: N/A
2.6.8-sarge-security: released (2.6.8-14) [setsid-race.dpatch]
-2.4.27-sarge-security:
-2.4.19-woody-security:
-2.4.18-woody-security:
-2.4.17-woody-security:
-2.4.16-woody-security:
-2.4.17-woody-security-hppa:
-2.4.17-woody-security-ia64:
-2.4.18-woody-security-hppa:
+2.4.27-sarge-security: N/A
+2.4.19-woody-security: N/A
+2.4.18-woody-security: N/A
+2.4.17-woody-security: N/A
+2.4.16-woody-security: N/A
+2.4.17-woody-security-hppa: N/A
+2.4.17-woody-security-ia64: N/A
+2.4.18-woody-security-hppa: N/A
More information about the Kernel-svn-changes
mailing list