Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 400571 - sys-kernel/gentoo-sources-3.{0.17-r1,1.10,2.1-r1}: incorrect fix for local privilege escalation via /proc/<pid>/mem
Summary: sys-kernel/gentoo-sources-3.{0.17-r1,1.10,2.1-r1}: incorrect fix for local pr...
Status: RESOLVED DUPLICATE of bug 399243
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Linux bug wranglers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-01-24 10:50 UTC by Andrey
Modified: 2012-01-24 11:18 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrey 2012-01-24 10:50:09 UTC
The latest genpatches (genpatches-3.0-17.base.tar.bz2, genpatches-3.1-13.base.tar.bz2 and genpatches-3.2-4.base.tar.bz2) contain erroneous 2100_proc-mem-handling-fix.patch.
This patch just creates file "b/queue-3.2/proc-clean-up-and-fix-proc-pid-mem-handling.patch" (containing the real patch) in /usr/src/linux* instead of patching "fs/proc/base.c"

At least
sys-kernel/gentoo-sources-3.0.17-r1
sys-kernel/gentoo-sources-3.1.10
sys-kernel/gentoo-sources-3.2.1-r1
are affected.

Reproducible: Always

Steps to Reproduce:
1. emerge '=sys-kernel/gentoo-sources-3.2.1-r1'
Actual Results:  
The kernel is still vulnerable.

Expected Results:  
The kernel is not vulnerable.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2012-01-24 11:18:32 UTC

*** This bug has been marked as a duplicate of bug 399243 ***