APPLIED: [CVE-2011-2495] restrict access to /proc/PID/io
Tim Gardner
tim.gardner at canonical.com
Tue Oct 4 19:33:22 UTC 2011
On 10/04/2011 11:52 AM, Andy Whitcroft wrote:
> CVE-2011-2495
> procfs io info disclosure
>
> The fix for this issue has hit oneiric via mainline. Half of the fix
> has hit lucid via stable. Following this email are four patch sets:
> one for hardy; one for lucid; one for lucid/fsl-imx51, maverick, and
> maverick/ti-omap4; and one for natty and natty/ti-omap4.
>
> Note that for hardy the locking is looser than that in upstream this may
> leave a small window which may be exploitable though closing the glaring
> exposures. The locks which are used to ensure there is no window are
> not in existance back in hardy. Indeed the races in exec which they are
> introduced to fix are also present.
>
> Proposing for hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4,
> natty, and natty/ti-omap4.
>
> -apw
>
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list