Bug 633178 - [RHEL 5.6] xfs: fix untrusted inode lookup backport botch
Summary: [RHEL 5.6] xfs: fix untrusted inode lookup backport botch
Keywords:
Status: CLOSED DUPLICATE of bug 607032
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.6
Hardware: All
OS: Linux
high
medium
Target Milestone: rc
: ---
Assignee: Red Hat Kernel Manager
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Depends On:
Blocks: 624862 CVE-2010-2943
TreeView+ depends on / blocked
 
Reported: 2010-09-13 05:37 UTC by Dave Chinner
Modified: 2010-09-13 14:48 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-09-13 11:31:03 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Dave Chinner 2010-09-13 05:37:14 UTC
Description of problem:

RHEL 5.x has a different open-by-handle path to rhel6/mainline and so the backport of the untrusted inode lookup patches failed to update this path. Hence local handle lookups were not being checked correctly. This was not picked up during initial testing as the tests are affected by timing and not always guarantee to fail.


Version-Release number of selected component (if applicable):

rhel 5.6

How reproducible:

Reproduced in QA. See bug 624366.

Additional info:

The fixes for CVE-2010-2943 et al are not correct or complete without this bug being fixed.


Note You need to log in before you can comment on or make changes to this bug.