*** This bug has been split off bug 144524 *** ------- Original comment by Josh Bressers (Security Response Team) on 2005.01.07 17:08 ------- This was reported by grsecurity to full-disclosure http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html the 'culprit' patch is how the default RLIM_MEMLOCK and the privilege to call mlockall have changed in 2.6.9. namely, the former has been reduced to 32 pages while the latter has been relaxed to allow it for otherwise unprivileged users if their RLIM_MEMLOCK is bigger than the currently allocated vm. which is normally good enough, except as you now know there's a path that can increase the allocated vm without checking for RLIM_MEMLOCK. The fix for this issue is attachment 109501 [details]
This issue should also affect FC2.
fixed in todays updates.