procps/proc
Qualys Security Advisory 14758ebc8f proc/readproc.c: Work around a design flaw in readeither().
readeither() caches (in new_p) a pointer to the proc_t of a task-group
leader, but readeither()'s callers can do pretty much anything with the
proc_t structure passed to and/or returned by this function. For
example, they can 1/ free it or 2/ recycle it (by passing it to
readeither() as x).

1/ leads to a use-after-free, and 2/ leads to unexpected behavior when
taskreader()/simple_readtask() is called with new_p equal to x (this is
not a theoretical flaw: 2/ happens in readproctab3() when want_task()
returns false and p is a group leader).

As a workaround, we keep a copy of new_p's first member (tid) in static
storage, and the next time we enter readeither() we check this "canary"
against the tid in new_p: if they differ, we reset new_p to NULL, which
forces the allocation of a new proc_t (the new "leader", or reference).

This always detects 2/ (because free_acquired(x,1) memsets x and hence
new_p); always detects 1/ if freed via free_acquired() and/or freeproc()
(very likely, otherwise memory may be leaked); probably detects 1/ even
if freed directly via free() (because the canary is the first member of
proc_t, likely to be overwritten by free()); but cannot detect 1/ if
free() does not write to new_p's chunk at all.

Moreover, accessing new_p->tid to check the canary in case 1/ is itself
a use-after-free, so a better long-term solution should be implemented
at some point (we wanted to avoid intrusive and backward-incompatible
changes in this library function, hence this imperfect workaround).
2018-05-19 07:32:22 +10:00
alloc.c proc/alloc.*: Use size_t, not unsigned int. 2018-05-19 07:32:21 +10:00
alloc.h proc/alloc.*: Use size_t, not unsigned int. 2018-05-19 07:32:21 +10:00
COPYING
devname.c proc/devname.c: Never write more than "chop" (part 2). 2018-05-19 07:32:21 +10:00
devname.h
escape.c proc/escape.c: Handle negative snprintf() return value. 2018-05-19 07:32:21 +10:00
escape.h
fprocopen.3 docs: Change name of fprocopen man page 2018-02-28 21:24:03 +11:00
libprocps.pc.in
libprocps.sym sysctl: Bring procio functions out of library 2018-03-01 21:25:04 +11:00
numa.c library: set stage for NUMA node field display support 2017-05-22 21:34:32 +10:00
numa.h library: build on non-glibc systems 2018-04-10 21:28:11 +10:00
openproc.3 documentation: fix man pages due to refactor for wchan 2015-06-19 19:09:21 +10:00
procps-private.h library: Change linux version 2015-06-19 21:00:46 +10:00
procps.h library: relocate the typedef used in alloc.h override 2017-12-23 17:41:37 +11:00
pwcache.c library: rename clashing pwcache functions 2016-07-06 22:26:02 +10:00
pwcache.h library: rename clashing pwcache functions 2016-07-06 22:26:02 +10:00
readproc.3 misc: result after checking all files for misspellings 2014-08-08 22:14:21 +02:00
readproc.c proc/readproc.c: Work around a design flaw in readeither(). 2018-05-19 07:32:22 +10:00
readproc.h library: avoid QUICK_THREADS, swat Redhat bug #1284091 2016-07-09 13:23:27 +10:00
readproctab.3 misc: result after checking all files for misspellings 2014-08-08 22:14:21 +02:00
sig.c proc/sig.c: Harden print_given_signals(). 2018-05-19 07:32:21 +10:00
sig.h
slab.c proc/slab.c: Initialize struct slab_info in get_slabnode(). 2018-05-19 07:32:21 +10:00
slab.h proc/slab.h: Fix off-by-one overflow in sscanf(). 2018-05-19 07:32:21 +10:00
sysinfo.c proc/sysinfo.c: Ensure null-termination in getstat(). 2018-05-19 07:32:22 +10:00
sysinfo.h - Fixing sysinfo - devices with length exceeding 15 chars are not displayed in vmstat -d 2016-06-30 18:29:50 +02:00
version.c miscellaneous: remove some trailing whitespace buildup 2015-06-20 07:46:23 +10:00
version.h proc/version.h: Protect parameter in LINUX_VERSION() macro. 2018-05-19 07:32:21 +10:00
wchan.c misc: remove some trailing whitespace newly introduced 2016-12-07 21:50:59 +11:00
wchan.h library: refactor and rely on modern kernels for wchan 2015-06-19 19:09:20 +10:00
whattime.c proc/whattime.c: Always initialize buf. 2018-05-19 07:32:21 +10:00
whattime.h