Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 215000

Summary: Kernel <2.6.22 RLIMIT_CPU could be avoided (CVE-2008-1294)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: KernelAssignee: Gentoo Security <security>
Severity: minor CC: kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: [linux >= 2.6.17 < 2.6.22]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-03-27 01:14:47 UTC
As discovered here today, the change in Kernel 2.6.17 intended to inhibit
users from setting RLIMIT_CPU to 0 (as that is equivalent to unlimited) by
"cheating" and setting it to 1 in such a case, does not make a difference,
as the check is done in the wrong place (too late), and only applies to the
profiling code.


Fixed in 2.6.22:;a=commitdiff;h=9926e4c74300c4b31dee007298c6475d33369df0
Comment 1 unnamedrambler 2008-03-27 17:00:59 UTC

[linux >= 2.6.17 < 2.6.22]
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-03-27 20:55:55 UTC
sounds good :-)