William Immendorf wrote:
> I've recently stumbled upon a security flaw in Linux. It affects
> Linux < 2.6.32-rc6. The problem is that when using the
> pipe_read_open(), pipe_write_open() or pipe_rdwr_open() functions
> while releasing a mutex (mutual exclusion) too early, in certain
> conditions, this causes a race condition, which allows the bad guy to
> have root access, and you know what happens next.
>
> There are two fixes: One, backport a patch that fixes this issue to
> 2.6.31.6 and 2.6.30.2 (the former is the LFS Dev version, the latter,
> the 6.5 version, and for the 6.5 version, add an errata link to the
> patch.) from here:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ad3960243e55320d74195fb85c975e0a8cc4466c.
>
> The other fix is to set mmap_min_addr to a value higher than 0, such
> as 65535, but that also causes wine, dosbox, and qemu to malfunction,
> so that's why I prefer the backported patch. Please, please, patch the
> kernel to fix this issue, and please stop LFS from being exploited.

Thanks for the heads up. I don't think this is an emergency though. New kernels are released pretty regularly. I think that 2.6.31.7 and/or 2.6.32.0 will be released in the next day or two. At that point we can update -dev.

Although there is a note in LFS to use the latest 2.6.31.x kernel, we'll also put a note into the errata about the vulnerability.

  -- Bruce