*** This bug has been split off bug 144524 *** ------- Original comment by Josh Bressers (Security Response Team) on 2005.01.07 17:08 ------- This was reported by grsecurity to full-disclosure http://lists.netsys.com/pipermail/full-disclosure/2005-January/030660.html the 'culprit' patch is how the default RLIM_MEMLOCK and the privilege to call mlockall have changed in 2.6.9. namely, the former has been reduced to 32 pages while the latter has been relaxed to allow it for otherwise unprivileged users if their RLIM_MEMLOCK is bigger than the currently allocated vm. which is normally good enough, except as you now know there's a path that can increase the allocated vm without checking for RLIM_MEMLOCK. The fix for this issue is attachment 109501 [details]
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-092.html