Synopsis: Linux kernel file offset pointer handling
Product: Linux kernel
Version: 2.4 up to and including 2.4.26, 2.6 up to and including 2.6.7
Vendor: http://www.kernel.org/
URL: http://isec.pl/vulnerabilities/isec-0016-procleaks.txt
CVE: CAN-2004-0415
Author: Paul Starzetz <[EMAIL PROTECTED]>
Date: Aug 04, 2004
Issue:
======
A critical security vulnerability has been found in the Linux kernel
code handling 64bit file offset pointers.
...
Even discounting the mangling in this posting, the code doesn't work
as advertised under 2.6.7. I've tried a number of different scenarios:
multiple machines, slow storage, fast storage, large files, small files -
but _llseek(pfd, 0, 0, &off, SEEK_CUR) doesn't fail. Is this just because
I'm stupid or because the code supplied is incorrect?
Furthermore, mtrr_read doesn't seem to exist anywhere in the Linux kernel,
at least not by that name. The function in question would probably exist
in linux/arch/i386/kernel/cpu/mtrr/if.c, but there's nothing of the sort
in there. Heck, the kernel code shown isn't even VALID.
My fault or Paul's?