OSDN Git Service
[PATCH] CVE-2007-3848 Privilege escalation via PR_SET_PDEATHSIG
Fix the "parent process death signal" vulnerability in the Linux kernel
discovered by Wojciech Purczynski of COSEINC PTE Ltd. and iSEC Security
Research (CVE-2007-3848).
To sum up, any local user could manage to start a setuid program then
send it an arbitrary signal while it is running, by first setting the
PR_SET_PDEATHSIG argument of the prctl() system call, and then running
another setuid program from the parent process. This is something the
user is normally supposed to be able to do only as long as the setuid
program has not completely switched its UID.
Depending on the installed setuid programs, this may lead to either a
denial of service or even to a privilege escalation, so this issue is
very distribution specific.
For more information regarding this issue, please refer to the original
advisory:
http://www.isec.pl/vulnerabilities/isec-0024-death-signal.txt
The following fix has been provided by Solar Designer and is already
part of the latest Openwall kernel.
Signed-off-by: Willy Tarreau <w@1wt.eu>
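
Added example, not part of this commit and not the Openwall fix (the kernel change itself is not shown on this page): a userspace defence-in-depth check that a privileged program could run at startup to inspect and clear a parent-death signal it inherited across execve(). The function names are hypothetical; only prctl(), PR_GET_PDEATHSIG and PR_SET_PDEATHSIG are real interfaces.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Return the caller's parent-death signal (0 = none set), or -1 on error. */
int pdeathsig_get(void)
{
    int sig = 0;
    if (prctl(PR_GET_PDEATHSIG, &sig) != 0)
        return -1;
    return sig;
}

/* Hypothetical startup hook for a privileged program: the setting is chosen
 * by whoever ran prctl() before the exec, so drop it before doing any work.
 * Returns the signal that had been set (0 = none), or -1 on error. */
int pdeathsig_drop_inherited(void)
{
    int before = pdeathsig_get();
    if (before < 0)
        return -1;
    if (before != 0 && prctl(PR_SET_PDEATHSIG, 0) != 0)
        return -1;
    return before;
}

/* fork() clears the setting in the child; report what the child sees
 * through its exit status so the caller can verify that. */
int pdeathsig_in_forked_child(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(pdeathsig_get() & 0x7f);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("inherited parent-death signal: %d\n", pdeathsig_drop_inherited());
    printf("after drop: %d\n", pdeathsig_get());
    return 0;
}
```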