Bug 174075 - [RHEL4] CVE-2005-3783 ptrace DoS
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
All Linux
Priority: medium
Severity: high
Assigned To: Peter Staubach
Brian Brock
Security
Reported: 2005-11-24 05:37 EST by Mark J. Cox
Modified: 2007-11-30 17:07 EST
Last Closed: 2006-01-05 11:48:29 EST
Doc Type: Bug Fix
Attachments: None
Description Mark J. Cox 2005-11-24 05:37:19 EST

The ptrace functionality (ptrace.c) in Linux kernel 2.6 before, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash).

Upstream fix at
Comment 3 Roland McGrath 2006-01-04 20:15:53 EST
This is a change to the user ABI and should not go into RHEL4.
The 2.6.14-stable branch upstream should not have put it in, IMHO.
Linus has decided that for 2.6.15 this ABI change is worth the risk and he'll
wait to hear users complain about it rather than worrying ahead of time.
We know from past reports that people have used ptrace in this way (one thread
to another within a process); such uses were probably ill-advised practice in
the first place, but if any exist in applications then changing this in RHEL4
would be a problem for customers.  There were various crash or leak bugs (DoS
potential) relating to this usage pattern, but AFAIK each individual problem has
been addressed upstream (and I think those fixes backported to RHEL4, though I
am not positive).  AIUI, the upstream change was not because there is any
current crash or DoS problem left, but because Linus decided it would be easier
to rule out the hairy class of usage patterns entirely than to worry about
stumbling across another such case since we already found and fixed a few cases
peculiar to this usage pattern.  If there are particular crash/leak/DoS failure
modes in RHEL4 ptrace use, those should be filed as specific bugs and addressed
