Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 200777

Summary: Kernel 2.6* allows coredump in pre-created files (CVE-2007-6206)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=c46f739dd39db3b07ab5deb4e3ec81e1c04a91af
Whiteboard: [linux >= 2.6.22 < 2.6.22.17][gp >= 2.6.22-1 < 2.6.22-11][linux >= 2.6.16 < 2.6.16.60][gp >= 2.6.16-1 < 2.6.16-15][linux >= 2.6.23 < 2.6.23.15][gp >= 2.6.23-1 < 2.6.23-8]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2007-11-29 20:29:57 UTC 
in 2.6.x and 2.4.x kernels, if a core file owned by a non root user exists and 
root runs a process that drops core in the same location, the original core 
file owned by the non root user is replaced with root's core dump, except the 
original owner maintains ownership of the core.

http://bugzilla.kernel.org/show_bug.cgi?id=3043