Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 215000

Summary: Kernel <2.6.22 RLIMIT_CPU could be avoided (CVE-2008-1294)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://launchpad.net/bugs/107209
Whiteboard: [linux >= 2.6.17 < 2.6.22]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-03-27 01:14:47 UTC 
As discovered here today, the change in Kernel 2.6.17 intended to inhibit
users from setting RLIMIT_CPU to 0 (as that is equivalent to unlimited) by
"cheating" and setting it to 1 in such a case, does not make a difference,
as the check is done in the wrong place (too late), and only applies to the
profiling code.

Bugs:
  https://launchpad.net/bugs/107209
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419706

Fixed in 2.6.22:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9926e4c74300c4b31dee007298c6475d33369df0
Comment 1 unnamedrambler 2008-03-27 17:00:59 UTC 
proposed

[linux >= 2.6.17 < 2.6.22]
9926e4c74300c4b31dee007298c6475d33369df0
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-03-27 20:55:55 UTC 
sounds good :-)