Vigil@nce: Linux kernel, signal sending
April 2009 by Vigil@nce
In some cases, a local attacker can send a signal to some
processes.
– Severity: 1/4
– Consequences: data flow
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 07/04/2009
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
When a process ends, it sends a SIGCHLD signal to its parent. When
a thread ends, it can send a signal to the process. These two
features store the signal number in the exit_signal field of the
task_struct structure.
The exit_notify() function of the kernel/exit.c file ensures that
the value of exit_signal is SIGCHLD, when the process ends.
However, if the process ends with the CAP_KILL capability, the
value previously stored in exit_signal is left untouched. This
case occurs when the process calls an exec() on a suid program.
In this case, the signal sent by the last thread is thus sent to
the parent process.
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-8605
– Url: http://vigilance.fr/vulnerability/Linux-kernel-signal-sending-8605
To change your email preferences (frequency, severity threshold, format):
https://vigilance.fr/?action=2041549901&langue=2