Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 228816 - CVE-2007-0771 utrace regression / denial of service
Summary: CVE-2007-0771 utrace regression / denial of service
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: All
OS: Linux
urgent
high
Target Milestone: ---
: ---
Assignee: Roland McGrath
QA Contact: Brian Brock
URL:
Whiteboard: impact=important,source=lkml,reported...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-02-15 09:57 UTC by Marcel Holtmann
Modified: 2007-11-30 22:07 UTC (History)
4 users (show)

Fixed In Version: RHSA-2007-0169
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-04-30 16:36:53 UTC
Target Upstream Version:


Attachments (Terms of Use)
fix for utrace/ptrace leak and crash bugs with MT exec (deleted)
2007-03-07 11:20 UTC, Roland McGrath
no flags Details | Diff
modified test program (deleted)
2007-03-07 19:40 UTC, Roland McGrath
no flags Details
fix for utrace/ptrace leak and crash bugs with MT exec + utrace_attach spin failure mode (deleted)
2007-03-08 03:10 UTC, Roland McGrath
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0169 normal SHIPPED_LIVE Important: kernel security and bug fix update 2007-04-30 16:36:50 UTC

Description Marcel Holtmann 2007-02-15 09:57:41 UTC
It is possible to render a system with utrace support unusable in ~10 seconds
(but not mainline kernel where Ctrl+C will kill process).

Comment 7 Roland McGrath 2007-03-07 11:20:32 UTC
Created attachment 149446 [details]
fix for utrace/ptrace leak and crash bugs with MT exec

This fixes both OOM and BUG_ON failure modes and another crash failure mode
from the same problem.	I can't reproduce any problems in the test case after
this patch, where I got all three failure modes before.

Comment 11 Roland McGrath 2007-03-07 19:40:38 UTC
Created attachment 149481 [details]
modified test program

Here is the version of the test I have been using.
It prints out some more info, but not so much that it perturbed the behavior
for me.

Comment 12 Roland McGrath 2007-03-08 02:14:02 UTC
Fedora bug 227952 is the same problems as this.

Comment 13 Roland McGrath 2007-03-08 03:10:44 UTC
Created attachment 149546 [details]
fix for utrace/ptrace leak and crash bugs with MT exec + utrace_attach spin failure mode

This includes an additional fix that I think resolves a failure mode where
utrace_attach spins when you try to kill the test with SIGKILL.

Comment 23 Don Howard 2007-03-29 21:41:51 UTC
A patch for this issue has been included in zstream build 2.6.18-8.1.2.el5.

Comment 26 Mike Gahagan 2007-04-26 22:04:33 UTC
fix verified on an x86_64 test system, I had to run 3 concurrent copies of
ptrace_thrash to reproduce the problem initially.


Comment 28 Red Hat Bugzilla 2007-04-30 16:36:54 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0169.html



Note You need to log in before you can comment on or make changes to this bug.