Bug 444083
Summary: | kernel: [s390x] Apperant DoS caused by certain crashme invocations | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Mike Gahagan <mgahagan> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | Martin Jenner <mjenner> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | dhoward, jburke, jlieskov, lwang, nobody, vgoyal |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | s390 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-06-25 19:00:06 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 444773, 444774 | ||
Bug Blocks: |
Description
Mike Gahagan
2008-04-24 21:27:05 UTC
I've sucessfully reproduced this problem with both -89 and -87. [crashme@z213 ctcs]$ runin/bin/crashme 8192 -1103949072 100 0:0:10 2 Crashme: (c) Copyright 1990-1994 George J. Carrette Version: 2.5 20-APR-2005 crashme 8192 -1103949072 100 0:0:10 2 Subprocess run for 10 seconds (0 00:00:10) Time limit reached after run 1 Test complete, total real time: 37 seconds (0 00:00:37) exit status ... number of cases 9 ... 1 it is looking like the crashme process can't kill its own child processes, increasing verbosity (last arg in the command) seems to indicate that it can't kill the first child process and kill -9 won't kill any of them either. correction to reproducer instructions: The correct path to the crashme command is: /opt/ctcs/runin/bin Spoken to Jan. This is not a security bug. We should open up this bug. I ran crashme on kernel 2.6.18-92.1.10.el5 (s390x), and I can run or kill crashme easily. I did not observe the problem as described in comment #1. If this test is skipped in our kernel testing because of this bug, it should be re-enabled. Thanks. (In reply to comment #11) > Spoken to Jan. This is not a security bug. We should open up this bug. > > I ran crashme on kernel 2.6.18-92.1.10.el5 (s390x), and I can run or kill > crashme easily. I did not observe the problem as described in comment #1. Correction. Not comment #1 but description. |