Doug Chapman reported an error in "mm/mempolicy.c" when handling policy system calls, which could be exploited by local attackers to cause a denial of service via a "set_mempolicy" call with a 0 bitmask. http://www.frsirt.com/english/advisories/2006/0035 ----------------------- commit 8f493d797bc1fe470377adc9d8775845427e240e Author: Andi Kleen <ak@suse.de> Date: Tue Jan 3 00:07:28 2006 +0100 [PATCH] Make sure interleave masks have at least one node set Otherwise a bad mem policy system call can confuse the interleaving code into referencing undefined nodes. Originally reported by Doug Chapman
Patch: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8f493d797bc1fe470377adc9d8775845427e240e;hp=abe842eb98c45e2b77c5868ef106616ca828a3e4
CCing maintainers: please either upgrade to 2.6.15 fix with the patch in the URL. Thanks. hardened-sources-2.6: hardened herd mips-sources-2.6.1{3,4}: Kumba rsbac-sources-2.6: kang sh-sources-2.6: sh herd usermode-sources-2.6: dsd xbox-sources-2.6: gimli
The referenced patch only applies to 2.6.15 (at least, I've confirmed that it does not apply to 2.6.14). Due attention required in terms of backporting.
Created attachment 76773 [details, diff] mempolicy-interleave-mask-node.patch (for 2.6.14) Here's a backport of the patch for 2.6.14 courtesy of plasmaroo. I've had two users test this just recently and it appears to be valid.
Created attachment 76776 [details, diff] mempolicy-interleave-mask-node.patch (revision) Reference the correct bug number this time and changed to a typical "-p1" style patch.
The aformentioned patch was added to genpatches-2.6.14-9.base (the tarball of which has now been distributed on the mirrors), see http://dev.gentoo.org/~dsd/genpatches/releases-2.6.14.htm and http://dev.gentoo.org/~dsd/genpatches/trunk/2.6.14/. Also, this is fixed in hardened-sources-2.6.14-r4.
usermode now on 2.6.15
All fixed now, closing bug.