While mm->start_stack was protected from cross-uid viewing (commit f83ce3e6b02d5e48b3a43b001390e2b58820389d), the start_code and end_code values were not. This would allow the text location of a PIE binary to leak, defeating ASLR. Note that the value "1" is used instead of "0" for a protected value since "ps", "killall", and likely other readers of /proc/pid/stat, take start_code of "0" to mean a kernel thread and will misbehave. Thanks to Brad Spengler for pointing this out. https://lkml.org/lkml/2011/3/11/380

Acknowledgements: Red Hat would like to thank Kees Cook for reporting this issue.
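An added audit script, not part of the kernel patch or the Red Hat record, that parses /proc/&lt;pid&gt;/stat by the proc(5) layout (fields 26 and 27 are startcode/endcode) and lists other users' processes whose text location is still disclosed, i.e. where the fix described above is absent; the two stat lines are constructed samples, and the placeholder value 1 it looks for is the one the fix writes.

```python
import os
from typing import Dict, List

# /proc/<pid>/stat layout (1-based field numbers from proc(5)).  Field 2 is the
# comm name in parentheses and may itself contain spaces or ')', so the line is
# split only after the LAST ')'.  Fields 26/27 are the ones this issue covers;
# 28 (startstack) was handled by the earlier f83ce3e6 fix and is read for context.
STAT_FIELDS = {"startcode": 26, "endcode": 27, "startstack": 28}

# Constructed sample lines (not captured from a real system).  The first
# discloses the text segment addresses; the second is what the fixed kernel
# shows an unprivileged viewer: 1 for startcode/endcode, 0 for startstack.
SAMPLE_LEAK = ("4242 (my prog) S 1 4242 4242 0 -1 4194560 100 0 0 0 5 3 0 0 "
               "20 0 1 0 12345 6000000 300 18446744073709551615 "
               "94000000000 94000001000 140700000000 0 0 0 0 0 0 0 0 0 17 1 0 0 0 0 0")
SAMPLE_MASKED = SAMPLE_LEAK.replace("94000000000 94000001000 140700000000", "1 1 0")

def parse_stat(line: str) -> Dict[str, int]:
    """Extract the code/stack address fields from one /proc/<pid>/stat line."""
    close = line.rfind(")")
    if close < 0:
        raise ValueError("malformed stat line: comm not terminated by ')'")
    rest = line[close + 1:].split()      # rest[0] is field 3 (state)
    return {name: int(rest[num - 3]) for name, num in STAT_FIELDS.items()}

def is_masked(fields: Dict[str, int]) -> bool:
    """True when the text location is hidden: the fix writes 1 rather than 0
    (0 makes ps/killall assume a kernel thread); 0 is also treated as hidden."""
    return fields["startcode"] in (0, 1) and fields["endcode"] in (0, 1)

def leaking_pids(proc: str = "/proc") -> List[int]:
    """Audit: pids of other users' processes whose startcode/endcode is still
    disclosed to the caller.  Run unprivileged: a viewer with CAP_SYS_PTRACE is
    legitimately shown the real addresses and would report every pid."""
    my_uid = os.getuid()
    found = []
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        try:
            if os.stat(f"{proc}/{name}").st_uid == my_uid:
                continue                  # own processes may see their own layout
            with open(f"{proc}/{name}/stat") as fh:
                fields = parse_stat(fh.read())
        except (OSError, ValueError, IndexError):
            continue                      # process exited or odd line: skip it
        if not is_masked(fields):
            found.append(int(name))
    return found

if __name__ == "__main__":
    print("pids disclosing start_code/end_code to this uid:", leaking_pids())
```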
Statement: Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw.
added to -mm tree: http://www.spinics.net/lists/mm-commits/msg82726.html
Upstream commit: http://git.kernel.org/linus/5883f57ca0008ffc93e09cbb9847a1928e50c6f3
This issue has been addressed in the following products: MRG for RHEL-5 Via RHSA-2011:0500 https://rhn.redhat.com/errata/RHSA-2011-0500.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0498 https://rhn.redhat.com/errata/RHSA-2011-0498.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2011:0833 https://rhn.redhat.com/errata/RHSA-2011-0833.html