Description of problem:
http://linux.bkbits.net:8080/linux-2.4/related/kernel/fork.c?nav=index.html|src/.|src/kernel (duplicate PID fix)

Version-Release number of selected component (if applicable):
kernel-2.4.20-24.9

Actual results:
I don't know whether it's really possible to use that vulnerability... so it's your turn ;-)

Expected results:
Maybe - if you think the patch is really needed:
http://www.kernel.org/pub/linux/kernel/v2.4/testing/cset/cset-t-kochi.nec.com|ChangeSet|20031216155916|03275.txt

Additional info:
Only Fedora Core's Kernel 2.4.22 is patched against that vulnerability. Affected are all Red Hat Linux versions.
So this shouldn't affect any NPTL kernel, which has entirely different code. One of our kernel engineers said: "A duplicate PID can be a security issue if the duplicate replaces the previous task. In that case an unprivileged user could 'mask' the PID of a root daemon, and if somewhere authentication is PID based, it could assume the identity of that process." However, since users cannot normally fill up the PID space, there would not be a generic exploit for the default install.
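The failure mode described in the comment above, simulated as an added example (this is not code from the 2.4 kernel's fork.c, from the referenced changeset, or from this bug report): a toy PID allocator in C with a constructed 8-entry PID space so that counter wraparound happens after a handful of forks. The naive allocator hands out the next counter value without checking whether a live task still owns it, so once the counter wraps a short-lived task can receive the same PID as a long-lived daemon; the checked allocator skips PIDs that are still in use and instead reports exhaustion when nothing is free. The struct and function names are assumptions chosen for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define PID_MAX 8   /* constructed: tiny PID space, PIDs 1..7 are usable, 0 is reserved */

struct pid_table {
    bool in_use[PID_MAX];   /* true while a live task owns that PID */
    int last_pid;           /* counter from which the next search starts */
};

static void table_init(struct pid_table *t)
{
    memset(t, 0, sizeof *t);
    t->last_pid = 0;
}

/* Naive allocator: take the next counter value, wrap at PID_MAX, and never
 * look at in_use[]. After wraparound it silently reissues a PID that a live
 * task still holds. */
static int alloc_pid_naive(struct pid_table *t)
{
    int pid = t->last_pid + 1;
    if (pid >= PID_MAX)
        pid = 1;
    t->last_pid = pid;
    t->in_use[pid] = true;   /* overwrites a live entry without noticing */
    return pid;
}

/* Checked allocator: after each increment (and after wraparound) skip every
 * PID that is still owned by a live task. Returns -1 if the whole PID space
 * is occupied rather than handing out a duplicate. */
static int alloc_pid_checked(struct pid_table *t)
{
    int pid = t->last_pid;
    for (int tries = 0; tries < PID_MAX - 1; tries++) {
        pid++;
        if (pid >= PID_MAX)
            pid = 1;
        if (!t->in_use[pid]) {
            t->in_use[pid] = true;
            t->last_pid = pid;
            return pid;
        }
    }
    return -1;   /* PID space exhausted */
}

static void release_pid(struct pid_table *t, int pid)
{
    t->in_use[pid] = false;   /* task exited */
}

/* Scenario: a long-lived privileged daemon keeps its PID while short-lived
 * tasks fork and exit until the counter wraps. Returns true if some later
 * task was handed the daemon's PID, i.e. a PID-based identity check could
 * now mistake that task for the daemon. */
static bool duplicate_pid_possible(int (*alloc)(struct pid_table *))
{
    struct pid_table t;
    table_init(&t);
    int daemon = alloc(&t);
    for (int i = 0; i < 2 * PID_MAX; i++) {
        int p = alloc(&t);
        if (p < 0)
            return false;        /* allocator refused rather than duplicating */
        if (p == daemon)
            return true;         /* another task now carries the daemon's PID */
        release_pid(&t, p);      /* short-lived task exits */
    }
    return false;
}

/* How many PIDs the checked allocator hands out before it reports exhaustion
 * when nothing is ever released: all usable PIDs, and no more. */
static int count_until_exhausted(void)
{
    struct pid_table t;
    table_init(&t);
    int n = 0;
    while (alloc_pid_checked(&t) > 0)
        n++;
    return n;
}

int main(void)
{
    printf("naive allocator reuses a live PID:   %s\n",
           duplicate_pid_possible(alloc_pid_naive) ? "yes" : "no");
    printf("checked allocator reuses a live PID: %s\n",
           duplicate_pid_possible(alloc_pid_checked) ? "yes" : "no");
    printf("checked allocator PIDs before exhaustion: %d\n",
           count_until_exhausted());
    return 0;
}
```

The checked allocator is the property the fix is about: a PID is only ever issued when no live task holds it, and the cost of enforcing that is an explicit exhaustion result, which is why filling the PID space as an unprivileged user is the precondition the comment mentions.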
Hm, but why is Fedora Core's NPTL Kernel then patched against the vulnerability, when it isn't affected?
The Fedora NPTL patch actually _removes_ that code. Again, it's completely different.
Okay...if you say that, then it isn't a bug :-)