Posted Jan 8, 2010 13:55 UTC (Fri) by PaXTeam (subscriber, #24616)
Parent article: RCU strings
> (One should note that these races are not, in general, potential
> security problems. The changing of sysctl variables is a privileged
> operation, so it cannot be done from arbitrary user accounts.)
this is a non-sequitur. the premise for exploitation is the occurrence of the race, regardless of who triggers it or when it is triggered. so unless there's some guarantee that during the race the partially modified strings can never actually be abused (say, by never pointing to a path controlled by an unprivileged user), there's always a potential security problem, however small or theoretical (or not so theoretical, think of the suid coredump bug and how it was 'fixed').
also one would hope that in 2010 A.D. 'int size' doesn't pass review.