/proc/$PID/{sched,schedstat,etc} information leak.

demo:
http://openwall.com/lists/oss-security/2011/11/05/3

Solution:
/proc/$pid/* vuln will be fixed in the following patch series by introducing a restricted procfs permission mode:

[RFC v2 1/3] procfs: parse mount options
https://lkml.org/lkml/2011/11/19/41

[RFC v2 2/3] procfs: add hidepid= and gid= mount options
https://lkml.org/lkml/2011/11/19/42

[PATCH -next] proc: fix task_struct infoleak
https://lkml.org/lkml/2011/12/11/62
(fix for previous patch)

[RFC v2 3/3] procfs: add documentation for procfs mount options
https://lkml.org/lkml/2011/11/19/43

Currently these series are in the -mm tree.

Explanation:
https://lkml.org/lkml/2011/11/19/42

Acknowledgements:
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
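To check whether a host actually uses the `hidepid=` and `gid=` options named in the patch series, the following added example (not part of the bug report or the kernel patches) classifies every procfs entry in a mount table. The function names and the sample mount table are constructed for illustration; an absent option or `hidepid=0` is treated as the unrestricted default.

```shell
#!/bin/sh
# Added example: audit procfs mounts for the hidepid=/gid= restriction.
# Input uses the /proc/mounts layout: device mountpoint fstype options dump pass

# classify_proc_mounts FILE
# Prints "<mountpoint> <EXPOSED|RESTRICTED> hidepid=<v> gid=<g>" per procfs mount.
classify_proc_mounts() {
    awk '$3 == "proc" {
        hidepid = "0"; gid = "-"      # default when the option is absent
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++) {
            if (opts[i] ~ /^hidepid=/) hidepid = substr(opts[i], 9)
            if (opts[i] ~ /^gid=/)     gid     = substr(opts[i], 5)
        }
        # hidepid=0 (or "off" on newer kernels) leaves other users able to
        # read /proc/<pid>/* entries; any other value restricts them.
        verdict = (hidepid == "0" || hidepid == "off") ? "EXPOSED" : "RESTRICTED"
        print $2, verdict, "hidepid=" hidepid, "gid=" gid
    }' "$1"
}

# count_exposed FILE
# Prints the number of procfs mounts that carry no restriction.
count_exposed() {
    classify_proc_mounts "$1" | awk '$2 == "EXPOSED" { n++ } END { print n + 0 }'
}

# Constructed sample mount table (not taken from a real host).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
proc /srv/jail/proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2,gid=1001 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /srv/ct/proc proc rw,relatime,hidepid=invisible 0 0
EOF

classify_proc_mounts "$SAMPLE"
echo "unrestricted procfs mounts: $(count_exposed "$SAMPLE")"
```

On a live system, pass `/proc/mounts` instead of the sample file; a mount reported as `EXPOSED` still allows other users to read the per-process files this bug describes.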
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 782686]

These are in Linus' tree now:

Patch 1 from above:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=97412950b10e64f347aec4a9b759395c2465adf6

Patches 2 and 3 were merged into one, with the additional fix that followed later:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=0499680a42141d86417a8fbaa8c8db806bea1201

And there was a follow-on oops fix after that:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=a2ef990ab5a6705a356d146dd773a3b359787497
There is a following fix for initial mounting (instead of remounting): https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=99663be772c827b8f5f594fe87eb4807be1994e5
The bug is still present in -279.5.1.el6.
(In reply to comment #7)
> The bug is still present in -279.5.1.el6.

Vasiliy, which bug do you mean? The one you pointed out in comment #5?