summaryrefslogtreecommitdiff
path: root/include/linux/proc_fs.h
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2005-11-04 13:18:40 +0300
committerLinus Torvalds <torvalds@g5.osdl.org>2005-11-09 04:57:30 +0300
commit330d57fb98a916fa8e1363846540dd420e99499a (patch)
tree841d5e5eeda46fd95ac03c36964919818a9bc3a6 /include/linux/proc_fs.h
parent8546df6f357dadf1989ad8da9309c9524fd56cdf (diff)
downloadlinux-330d57fb98a916fa8e1363846540dd420e99499a.tar.xz
[PATCH] Fix sysctl unregistration oops (CVE-2005-2709)
You could open the /proc/sys/net/ipv4/conf/<if>/<whatever> file, then wait for interface to go away, try to grab as much memory as possible in hope to hit the (kfreed) ctl_table. Then fill it with pointers to your function. Then do read from file you've opened and if you are lucky, you'll get it called as ->proc_handler() in kernel mode. So this is at least an Oops and possibly more. It does depend on an interface going away though, so less of a security risk than it would otherwise be. Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include/linux/proc_fs.h')
-rw-r--r--include/linux/proc_fs.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
index 65ceeaa30652..74488e49166d 100644
--- a/include/linux/proc_fs.h
+++ b/include/linux/proc_fs.h
@@ -66,6 +66,7 @@ struct proc_dir_entry {
write_proc_t *write_proc;
atomic_t count; /* use count */
int deleted; /* delete flag */
+ void *set;
};
struct kcore_list {