Linux Local Privilege Escalation via SUID /proc/pid/mem Write (zx2c4)

[Security] Posted Jan 23, 2012 14:49 UTC (Mon) by corbet

The "zx2c4" weblog has a detailed writeup of a local root vulnerability in /proc introduced in 2.6.39 and just fixed on January 17. "In 2.6.39, the protections against unauthorized access to /proc/pid/mem were deemed sufficient, and so the prior #ifdef that prevented write support for writing to arbitrary process memory was removed. Anyone with the correct permissions could write to process memory. It turns out, of course, that the permissions checking was done poorly. This means that all Linux kernels >=2.6.39 are vulnerable, up until the fix commit for it a couple days ago. Let’s take the old kernel code step by step and learn what’s the matter with it." As of this writing, distributors do not yet appear to have begun shipping updates for this vulnerability.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds