Bug 112484 - Kernel vulnerable for duplicate PIDs
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: kernel
Version: 9
Platform: All Linux
Priority: medium
Severity: medium
Assigned To: Arjan van de Ven
Reported: 2003-12-20 15:01 EST by Robert Scheck
Modified: 2007-04-18 13:00 EDT
CC: 3 users
Doc Type: Bug Fix
Last Closed: 2004-04-15 13:14:13 EDT
Attachments: None

Description Robert Scheck 2003-12-20 15:01:35 EST
Description of problem:
http://linux.bkbits.net:8080/linux-2.4/related/kernel/fork.c?nav=index.html|src/.|src/kernel (duplicate PID fix)

Version-Release number of selected component (if applicable):
kernel-2.4.20-24.9

Actual results:
I don't know whether it's really possible to use that vulnerability... so it's your turn ;-)

Expected results:
Maybe - if you think the patch is really needed: 
http://www.kernel.org/pub/linux/kernel/v2.4/testing/cset/cset-t-kochi@bq.jp.nec.com|ChangeSet|20031216155916|03275.txt

Additional info:
Only Fedora Core's Kernel 2.4.22 is patched against that 
vulnerability. Affected are all Red Hat Linux versions.
Comment 1 Mark J. Cox (Product Security) 2004-04-08 05:58:51 EDT
So this shouldn't affect any NPTL kernel which has entirely different
code.  

One of our kernel engineers said "A duplicate PID can be a security
issue if the duplicate replaces the previous task. In that case an
unprivileged user could "mask" the PID of a root daemon, and if
somewhere authentication is PID based, it could assume the identity of
that process." however since users cannot normally fill up the PID
space there would not be a generic exploit for the default install.
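An added illustration of the point made in comment 1 (this is example code written for this page, not part of the bug report, the cited patch, or any Red Hat kernel code): a daemon that authorizes requests by a remembered PID keeps trusting that number after the process it named has exited, so whoever next obtains the number (through ordinary PID reuse, or through the duplicate-PID bug discussed above) inherits the trust. A daemon on an AF_UNIX socket that reads SO_PEERCRED instead gets the peer's uid bound to the connection by the kernel, and a later PID reuse cannot change it. The `pid_allowlist` struct, the function names and the socketpair self-test are assumptions made for the example; it assumes Linux, where SO_PEERCRED and `struct ucred` exist.

```c
#define _GNU_SOURCE            /* struct ucred and SO_PEERCRED are Linux-specific */
#include <stdio.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Weak pattern (hypothetical daemon): remember the PID of a trusted peer and
 * later accept any request that claims it. Nothing ties the number to a live
 * process or to a uid, so once the original process is gone, whoever next
 * obtains that PID (by reuse, or by a duplicate-PID bug) inherits the trust. */
struct pid_allowlist { pid_t trusted; };

int authorize_by_pid(const struct pid_allowlist *al, pid_t claimed)
{
    return claimed == al->trusted;
}

/* Shows the staleness: fork a child, record its PID as trusted, reap it, and
 * confirm the allowlist still says yes although no such process exists.
 * Returns 1 when the stale PID is still authorized, 0 otherwise, -1 on error. */
int stale_pid_still_authorized(void)
{
    struct pid_allowlist al;
    pid_t child = fork();
    if (child < 0)
        return -1;
    if (child == 0)
        _exit(0);
    al.trusted = child;
    if (waitpid(child, NULL, 0) != child)
        return -1;
    int gone = (kill(child, 0) < 0);        /* ESRCH: the number is free for reuse */
    return authorize_by_pid(&al, child) && gone;
}

/* Hardened pattern: ask the kernel who the peer is. SO_PEERCRED reports the
 * uid/gid/pid the peer had when the AF_UNIX connection was established; the
 * decision keys on the uid, which a later PID reuse cannot alter. */
int peer_credentials(int sock, uid_t *uid, pid_t *pid)
{
    struct ucred cred;
    socklen_t len = sizeof cred;
    if (getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0)
        return -1;
    *uid = cred.uid;
    *pid = cred.pid;
    return 0;
}

int authorize_by_peer_uid(int sock, uid_t allowed_uid)
{
    uid_t uid;
    pid_t pid;
    if (peer_credentials(sock, &uid, &pid) < 0)
        return 0;                            /* fail closed */
    return uid == allowed_uid;
}

/* Self-test over a socketpair: both ends belong to this process, so the kernel
 * must report our own uid and pid, and a request from a different uid must be
 * refused. Returns 1 on success, 0 otherwise. */
int peer_cred_matches_self(void)
{
    int sv[2];
    uid_t uid;
    pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return 0;
    int reported_ok = peer_credentials(sv[0], &uid, &pid) == 0
                      && uid == getuid() && pid == getpid();
    int accepted = authorize_by_peer_uid(sv[1], getuid());
    int rejected = !authorize_by_peer_uid(sv[1], getuid() + 1);
    close(sv[0]);
    close(sv[1]);
    return reported_ok && accepted && rejected;
}

int main(void)
{
    printf("stale PID still trusted by PID allowlist: %d\n", stale_pid_still_authorized());
    printf("SO_PEERCRED self-test passed:             %d\n", peer_cred_matches_self());
    return 0;
}
```

The PID reported by SO_PEERCRED is still only a snapshot taken at connect time and is useful for logging, not for authorization; the uid (or gid) is the field a daemon should decide on.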
Comment 2 Robert Scheck 2004-04-09 09:55:36 EDT
Hm, but why is Fedora Core's NPTL Kernel then patched against the
vulnerability, when it isn't affected?
Comment 3 Dave Jones 2004-04-12 07:12:21 EDT
The Fedora NPTL patch actually _removes_ that code. Again, it's
completely different.
Comment 4 Robert Scheck 2004-04-15 13:14:13 EDT
Okay...if you say that, then it isn't a bug :-)
