Bug 148863 - CAN-2005-0136 ptrace corner cases on ia64
CAN-2005-0136 ptrace corner cases on ia64
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: kernel (Show other bugs)
2.1
ia64 Linux
medium Severity high
: ---
: ---
Assigned To: Jim Paradis
Brian Brock
impact=important,embargo=20050311,rep...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-16 08:56 EST by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:06 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-14 18:20:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
test cast to reproduce issue. (20.00 KB, application/octet-stream)
2005-04-18 15:12 EDT, Neil Horman
no flags Details

  None (edit)
Description Mark J. Cox (Product Security) 2005-02-16 08:56:43 EST
*** This bug has been split off bug 148862 ***

------- Original comment by Mark J. Cox (Security Response Team) on 2005.02.16
08:52 -------

Read the description of this issue at 
http://www.gelato.unsw.edu.au/linux-ia64/0409/11073.html

A patch for 2.6 was committed:
http://lia64.bkbits.net:8080/linux-ia64-release-2.6.11/cset@41f2d1eePludGYyb1yOmGaW6Iois8Q

Impact looks like it is a unprivileged DoS at least, possibly more.

Currently embargoed, no date set.
Comment 1 Mark J. Cox (Product Security) 2005-03-16 05:43:14 EST
public, removing embargo
Comment 2 Neil Horman 2005-04-18 15:12:02 EDT
Created attachment 113339 [details]
test cast to reproduce issue.

test case passed from intel to recreate this problem
Comment 3 Jim Paradis 2005-06-14 18:20:54 EDT
This is not an issue on AS2.1/ia64 because the mechanisms described
(syscall_trace_enter/syscall_trace_leave) are not implemented there.  The only
calls to syscall_trace are through an assembly-language wrapper
(invoke_syscall_trace) that does the proper preservation of arg registers.

Note You need to log in before you can comment on or make changes to this bug.