kernel-ark/include
Al Viro 330d57fb98 [PATCH] Fix sysctl unregistration oops (CVE-2005-2709)
You could open the /proc/sys/net/ipv4/conf/<if>/<whatever> file, then
wait for interface to go away, try to grab as much memory as possible in
hope to hit the (kfreed) ctl_table.  Then fill it with pointers to your
function.  Then do read from file you've opened and if you are lucky,
you'll get it called as ->proc_handler() in kernel mode.

So this is at least an Oops and possibly more.  It does depend on an
interface going away though, so less of a security risk than it would
otherwise be.

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-11-08 17:57:30 -08:00
..
acpi
asm-alpha
asm-arm Merge with ARM SMP tree 2005-11-08 22:43:44 +00:00
asm-arm26
asm-cris
asm-frv
asm-generic [PATCH] RapidIO support: core base 2005-11-07 07:53:46 -08:00
asm-h8300
asm-i386
asm-ia64 Auto-update from upstream 2005-11-07 09:05:22 -08:00
asm-m32r
asm-m68k [SPARC]: Kill remaining kbio.h references. 2005-11-07 14:12:21 -08:00
asm-m68knommu [PATCH] m68knommu: move some platform irq support out of irq.h 2005-11-07 08:00:47 -08:00
asm-mips Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus 2005-11-07 11:15:23 -08:00
asm-parisc
asm-powerpc powerpc: merge ide.h 2005-11-08 12:20:34 +11:00
asm-ppc powerpc: merge ide.h 2005-11-08 12:20:34 +11:00
asm-ppc64 powerpc: merge ide.h 2005-11-08 12:20:34 +11:00
asm-s390
asm-sh
asm-sh64
asm-sparc [SPARC]: remove vuid_event.h 2005-11-07 14:11:38 -08:00
asm-sparc64 [SPARC64] mm: simpler tlb_flush_mmu 2005-11-07 14:12:08 -08:00
asm-um
asm-v850
asm-x86_64
asm-xtensa
keys
linux [PATCH] Fix sysctl unregistration oops (CVE-2005-2709) 2005-11-08 17:57:30 -08:00
math-emu
media
mtd
net [Bluetooth]: Remove the usage of /proc completely 2005-11-08 09:57:38 -08:00
pcmcia
rdma
rxrpc
scsi
sound
video