Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 74463

Summary: Kernel infoleak in /proc/.../cmdline (CAN-2004-1058)
Product: Gentoo Security Reporter: Thierry Carrez (RETIRED) <koon>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: minor    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://www.ubuntulinux.org/support/documentation/usn/usn-38-1
Whiteboard:
Package list:
Runtime testing required: ---

Description Thierry Carrez (RETIRED) gentoo-dev 2004-12-15 02:49:59 UTC 
CAN-2004-1058:
  Rob Landley discovered a race condition in the handling of /proc/.../cmdline.
  Under very rare circumstances an user could read the environment variables of
  another process that was still spawning. Environment variables are often used
  to pass passwords and other private information to other processes.
Comment 1 Tim Yamin (RETIRED) gentoo-dev 2004-12-18 17:26:49 UTC 

*** This bug has been marked as a duplicate of 59905 ***