Bug 400571

Summary: sys-kernel/gentoo-sources-3.{0.17-r1,1.10,2.1-r1}: incorrect fix for local privilege escalation via /proc/<pid>/mem
Product: Gentoo Linux Reporter: Andrey <ahipp0>
Component: [OLD] Core system Assignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED DUPLICATE    
Severity: normal CC: shannemann
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Andrey 2012-01-24 10:50:09 UTC
The latest genpatches (genpatches-3.0-17.base.tar.bz2, genpatches-3.1-13.base.tar.bz2 and genpatches-3.2-4.base.tar.bz2) contain an erroneous 2100_proc-mem-handling-fix.patch.
This patch just creates the file "b/queue-3.2/proc-clean-up-and-fix-proc-pid-mem-handling.patch" (containing the real patch) in /usr/src/linux* instead of patching "fs/proc/base.c".

At least
sys-kernel/gentoo-sources-3.0.17-r1
sys-kernel/gentoo-sources-3.1.10
sys-kernel/gentoo-sources-3.2.1-r1
are affected.

Reproducible: Always

Steps to Reproduce:
1. emerge '=sys-kernel/gentoo-sources-3.2.1-r1'
Actual Results:  
The kernel is still vulnerable.

Expected Results:  
The kernel is not vulnerable.
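
A check a patchset maintainer could run before release to catch the failure described in the report above, where a diff adds a *.patch file to the tree instead of modifying fs/proc/base.c. This is an added example, not part of the bug report or of genpatches; both sample diffs are constructed and the function names are hypothetical.

```python
import re
# Constructed sample: the diff adds a *.patch file (path as quoted in the report).
WRAPPED = """\
--- /dev/null
+++ b/queue-3.2/proc-clean-up-and-fix-proc-pid-mem-handling.patch
@@ -0,0 +1,3 @@
+--- a/fs/proc/base.c
++++ b/fs/proc/base.c
+@@ -1 +1 @@
"""
# Constructed sample: a diff that modifies the source file directly.
DIRECT = """\
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1 +1 @@
-placeholder old line
+placeholder new line
"""
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def patch_targets(text, strip=1):
    """Return [(path, is_new_file)] per top-level file header, like patch -pN."""
    targets, old, lines, i = [], None, text.splitlines(), 0
    while i < len(lines):
        m = HUNK.match(lines[i])
        if m:
            # Skip the hunk body by its declared counts so "+--- a/x" is not a header.
            old_left, new_left = (int(g) if g else 1 for g in m.groups())
            i += 1
            while i < len(lines) and (old_left > 0 or new_left > 0):
                c = lines[i][:1]
                if c != "\\":             # "\ No newline at end of file"
                    old_left -= c != "+"  # context and "-" lines count as old
                    new_left -= c != "-"  # context and "+" lines count as new
                i += 1
            continue
        if lines[i].startswith("--- "):
            old = lines[i][4:].split("\t")[0]
        elif lines[i].startswith("+++ ") and old is not None:
            path = lines[i][4:].split("\t")[0].split("/", strip)[-1]
            targets.append((path, old == "/dev/null"))
            old = None
        i += 1
    return targets

def wrapped_patches(text, strip=1):
    """Targets where the diff creates a patch file rather than editing source."""
    return [p for p, new in patch_targets(text, strip)
            if new and p.endswith((".patch", ".diff"))]
```

A non-empty result from `wrapped_patches` means the patch, once applied, leaves the intended source file untouched and only drops a nested patch file into the kernel tree.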
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2012-01-24 11:18:32 UTC

*** This bug has been marked as a duplicate of bug 399243 ***