The linux-2.4.21-mlock.patch included in RHEL3 has a hole. It is
intended to allow normal uses to mlock within it's rlimit's however
the accounting can be broken in the case of IPC: one process/user can
mlock, another process can unlock. The later process gets it's pages
mlocked decremented even though the former process got the increment.
This could lead to unprivileged users getting rights to mlock memory.
This issue was reported by Arjan around Jun07 and fixed in FC2 (1.427
Non-kABI-breaking patch posted for review on 27-Apr-2005,
removing this bug from precluded-kABI-breakage blocker list.
A fix for this problem has just been committed to the RHEL3 U6
patch pool this evening (in kernel version 2.4.21-32.3.EL).
A fix for this problem has also been committed to the RHEL3 E6
patch pool this evening (in kernel version 2.4.21-32.0.1.EL).
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
*** Bug 139881 has been marked as a duplicate of this bug. ***