mailing list archives
patch for exec+ptrace security hole available (fwd)
From: Vagner Sacramento <vagner () natalnet br>
Date: Sat, 16 Jun 2001 14:44:11 -0300 (BRT)
---------- Forwarded message ----------
Date: Sat, 16 Jun 2001 11:08:53 -0400 (EDT)
From: Aaron Campbell <aaron () monkey org>
To: security-announce () openbsd org
Subject: patch for exec+ptrace security hole available
A race condition exists in the kernel execve(2) implementation that opens
a small window of vulnerability for a non-privileged user to
ptrace(2) attach to a suid/sgid process.
The fix has also been committed to the 2.8 and 2.9 stable branches.
The bug was found by Georgi Guninski; Art Grabowski came up with a fix.
- patch for exec+ptrace security hole available (fwd) Vagner Sacramento (Jun 16)