Mailinglist Archive: opensuse-security (511 mails)
| < Previous | Next > |
RE: [suse-security] SHM
- From: Roman Drahtmueller <draht@xxxxxxx>
- Date: Wed, 22 Aug 2001 16:06:15 +0200 (MEST)
- Message-id: <Pine.LNX.4.33.0108221602340.2355-100000@xxxxxxxxxxxx>
> Gosh, I never noticed what kind of OS we have! ;)
Da staunst Du, was? :-)
>
> So my question is: Is this a feature of both 2.2.x and 2.4.x, or 2.4.x only?
> Can this be set up securely? I mean, a simple leak/BoF in this code and yer box
> is gone forever...?! Any recommended reading/links?
The kernel source. shmfs is 2.4 only. In some ways it's a waste product of
the mm subsystem. There are big differences in the mm code btw 2.2 and
2.4.
> > This is just about the security implication of it: If it's full, your mem
> > is gone.
>
> If THAT would be all there is...!
It probably isn't. There is always the possibility for a race condition,
be it in the handling of meta data or memory. Remember the mmap()-write()
race in reiserfs that was fixed with 2.2.19, a bug that was present in the
ext2 driver in BSD? Nasty stuff...
Anyway, I think the security-relevant material is exhausted with this.
Roman.
--
- -
| Roman Drahtmüller <draht@xxxxxxx> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
Da staunst Du, was? :-)
>
> So my question is: Is this a feature of both 2.2.x and 2.4.x, or 2.4.x only?
> Can this be set up securely? I mean, a simple leak/BoF in this code and yer box
> is gone forever...?! Any recommended reading/links?
The kernel source. shmfs is 2.4 only. In some ways it's a waste product of
the mm subsystem. There are big differences in the mm code btw 2.2 and
2.4.
> > This is just about the security implication of it: If it's full, your mem
> > is gone.
>
> If THAT would be all there is...!
It probably isn't. There is always the possibility for a race condition,
be it in the handling of meta data or memory. Remember the mmap()-write()
race in reiserfs that was fixed with 2.2.19, a bug that was present in the
ext2 driver in BSD? Nasty stuff...
Anyway, I think the security-relevant material is exhausted with this.
Roman.
--
- -
| Roman Drahtmüller <draht@xxxxxxx> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
| < Previous | Next > |