LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

RCU strings

RCU strings

Posted Jan 8, 2010 13:55 UTC (Fri) by PaXTeam (subscriber, #24616)
Parent article: RCU strings

> (One should note that these races are not, in general, potential
> security problems. The changing of sysctl variables is a privileged
> operation, so it cannot be done from arbitrary user accounts.)

this is a non-sequitur. the premise for exploitation is the occurance of the race, regardless of who triggers it or when it is triggered. so unless there's some guarantee that during the race the partially modified strings can never actually be abused (say, by never pointing to a path controlled by an unprivileged user), there's always a potential security problem, however small or theoretical (or not so theoretical, think of the suid coredump bug and how it was 'fixed').

also one would hope that in 2010 A.D. 'int size' doesn't pass review.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds