On Mon, Dec 25, 2006 at 01:11:56PM +0100, Florian Weimer wrote:
> Has CVE-2006-5648 been addressed for the current linux-2.6 version?
Not completely.
> Here's what I've found out about this bug so far:
Thanks for researching this.
> NOTE: Some new futex-related system calls need arch-specific support
> NOTE: routines, or they can lead to unkillable userspace processes.
> NOTE: The following git commits add futex_atomic_cmpxchg_inatomic
> NOTE: implementations. The initial implementation contained code
> NOTE: for amd64 and i386. Other implementations were added here:
> NOTE: c7fed9d75074f7c243ec8ff2c55d04de2839a6f6 (sparc64, before 2.6.19)
Already included (part of 2.6.18.3)
> NOTE: 69588298188b40ed7f75c98a6fd328d82f23ca21 (powerpc, before 2.6.18)
As you note, already in 2.6.18
> NOTE: a192dc16000241dc02990a36b6830839b73c44de (ia64, before 2.6.19)
Not there, but (as you note) also not wired
> NOTE: 342a0497c23c278633f8674ab62f71e5049b7080 (parisc, before 2.6.19)
Already included in hppa.patch.
> NOTE: Exploitability depends on whether the syscall is actually wired,
> NOTE: which seems to be the case for everything but ia64 and maybe arm.
I don't see wiring for alpha, m68k, mips, or mipsel in our 2.6.18
either - do you?
s390 has both wiring and implementation, so it should be safe.
The only outstanding hole I can see is sparc32 - it includes the
generic futex.h which does not implement these functions.
Do you agree?
--
dann frazier
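The per-arch check being done by hand in the message above (does the arch have its own futex_atomic_cmpxchg_inatomic, or does it inherit the asm-generic stub that returns -ENOSYS, and is sys_futex wired into its syscall table?) can be scripted. The following is an added example, not code from the thread or from the kernel. It assumes the 2.6.18-era layout of include/asm-<arch>/futex.h and arch/<arch>/, and that a header which only includes asm-generic/futex.h inherits the -ENOSYS stub. The tree it runs on is a constructed fixture embedded inline, and "hypo" is a hypothetical arch invented to show the case of an arch whose own header is itself just a stub; the verdicts describe the fixture, not any real kernel.

```python
"""Audit which arches rely on the asm-generic futex_atomic_cmpxchg_inatomic()
stub (returns -ENOSYS) while still wiring sys_futex, i.e. the combination
the mail above checks by hand.  Added example; not kernel code."""
import re

# Constructed stand-in for a 2.6.18-era tree (path -> contents).  These are
# illustrative fixtures, not copies of real files; "hypo" is a made-up arch.
SAMPLE_TREE = {
    "include/asm-generic/futex.h": (
        "static inline int\n"
        "futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval)\n"
        "{\n\treturn -ENOSYS;\n}\n"
    ),
    # Arch with a real implementation and sys_futex wired.
    "include/asm-i386/futex.h": (
        "static inline int\n"
        "futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval)\n"
        "{\n\t/* real locked cmpxchg against *uaddr */\n\treturn oldval;\n}\n"
    ),
    "arch/i386/kernel/syscall_table.S": "\t.long sys_futex\n",
    # Arch that only pulls in the generic stub but still wires the syscall.
    "include/asm-sparc/futex.h": "#include <asm-generic/futex.h>\n",
    "arch/sparc/kernel/systbls.S": "\t.long sys_futex\n",
    # Arch that pulls in the generic stub and does not wire the syscall.
    "include/asm-ia64/futex.h": "#include <asm-generic/futex.h>\n",
    "arch/ia64/kernel/entry.S": "\tdata8 sys_ni_syscall\n",
    # Hypothetical arch whose own header is itself just an -ENOSYS stub.
    "include/asm-hypo/futex.h": (
        "static inline int\n"
        "futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval)\n"
        "{\n\treturn -ENOSYS;\n}\n"
    ),
    "arch/hypo/kernel/syscalls.S": "\t.long sys_futex\n",
}

# Function definition (name, parameter list, opening brace) in an arch header.
DEFN_RE = re.compile(r"\bfutex_atomic_cmpxchg_inatomic\s*\([^)]*\)\s*\{")
# Any reference to sys_futex under arch/<arch>/ counts as wiring.
WIRED_RE = re.compile(r"\bsys_futex\b")


def arches(tree):
    """Arch names taken from include/asm-<arch>/futex.h, asm-generic excluded."""
    found = set()
    for path in tree:
        m = re.fullmatch(r"include/asm-([^/]+)/futex\.h", path)
        if m and m.group(1) != "generic":
            found.add(m.group(1))
    return sorted(found)


def has_real_cmpxchg(tree, arch):
    """True only if the arch header defines the function with a body that is
    not a plain `return -ENOSYS`.  A header that merely includes
    asm-generic/futex.h inherits the stub and yields False."""
    text = tree.get(f"include/asm-{arch}/futex.h", "")
    m = DEFN_RE.search(text)
    if not m:
        return False
    body = text[m.end():]
    end = body.find("}")  # stub bodies have no nested braces
    return "-ENOSYS" not in body[:end if end >= 0 else None]


def is_wired(tree, arch):
    """Heuristic: any file under arch/<arch>/ naming sys_futex.  Assumes the
    asm-<arch> and arch/<arch> names agree, which holds for the fixture but
    is not guaranteed for every real arch."""
    prefix = f"arch/{arch}/"
    return any(WIRED_RE.search(text)
               for path, text in tree.items() if path.startswith(prefix))


def classify(tree, arch):
    real, wired = has_real_cmpxchg(tree, arch), is_wired(tree, arch)
    if real and wired:
        return "ok"
    if real:
        return "unwired"      # implemented, but userspace cannot reach it
    if wired:
        return "exposed"      # -ENOSYS stub reachable through sys_futex
    return "unreachable"      # stub, but sys_futex is not wired either


def audit(tree):
    return {arch: classify(tree, arch) for arch in arches(tree)}


if __name__ == "__main__":
    for arch, status in audit(SAMPLE_TREE).items():
        print(f"{arch:8s} {status}")
```

On the fixture this reports sparc and hypo as "exposed" (stub reachable via sys_futex), ia64 as "unreachable" and i386 as "ok". Pointing it at a real tree means replacing SAMPLE_TREE with a walk of include/asm-*/futex.h and arch/*/, and treating the wiring check as a starting point, since syscall tables are not laid out the same way on every arch.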