diff options
author | Greg Kroah-Hartman <gregkh@suse.de> | 2006-07-06 13:02:05 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2006-07-06 13:02:05 -0700 |
commit | 0af184bb9f80edfbb94de46cb52e9592e5a547b0 (patch) | |
tree | c8b28a09bb71332cbf1452aff7d89adb74c33f6b | |
parent | 52cbb7b78994ea3799f1bbb8c03bce1e2f72a271 (diff) |
fix prctl privilege escalation and suid_dumpable (CVE-2006-2451)
Based on a patch from Ernie Petrides
During security research, Red Hat discovered a behavioral flaw in core
dump handling. A local user could create a program that would cause a
core file to be dumped into a directory they would not normally have
permissions to write to. This could lead to a denial of service (disk
consumption), or allow the local user to gain root privileges.
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | kernel/sys.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/sys.c b/kernel/sys.c index 0b6ec0e7936..59273f7631b 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -1991,7 +1991,7 @@ asmlinkage long sys_prctl(int option, unsigned long arg2, unsigned long arg3, error = current->mm->dumpable; break; case PR_SET_DUMPABLE: - if (arg2 < 0 || arg2 > 2) { + if (arg2 < 0 || arg2 > 1) { error = -EINVAL; break; } |