Bugzilla – Bug 65370
VUL-0: CVE-2005-0176: kernel: unlock someone else's IPC memory
Last modified: 2021-10-27 15:53:28 UTC
20041124 unlock someone else's IPC memory. Reported on lkml: a flaw that allows you to unlock someone else's IPC memory (hence crossing a permission boundary). http://marc.theaimsgroup.com/?l=linux-kernel&m=110132782610477 http://marc.theaimsgroup.com/?l=linux-kernel&m=110137276318105 "In 2.6.8, the only processes that could lock shared memory segments were those with CAP_IPC_LOCK. Unprivileged processes did not get a look in." So this is 2.6.9.
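To make the permission boundary concrete, here is an added userspace model (not code from the bug report, the kernel, or the attached patch) of the access decision for shmctl(SHM_LOCK)/shmctl(SHM_UNLOCK). The "vulnerable" rule reproduces the behaviour the report describes for 2.6.9, where any process reaching the code path may unlock any segment; the "fixed" rule is an assumed hardening that requires CAP_IPC_LOCK or an effective uid matching the segment's owner or creator. Struct names, field names and the sample uids are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>

/* Constructed stand-in for the owner/creator fields of a SysV IPC segment. */
struct shm_perm_model {
    uid_t uid;   /* current owner of the segment */
    uid_t cuid;  /* creator of the segment */
};

/* Constructed caller credentials relevant to the decision. */
struct caller {
    uid_t euid;
    bool  cap_ipc_lock;
};

/* Vulnerable rule (2.6.9 behaviour as described in the report):
 * no ownership or capability check before SHM_LOCK/SHM_UNLOCK. */
static bool shm_lock_allowed_vuln(const struct caller *c,
                                  const struct shm_perm_model *p)
{
    (void)c; (void)p;
    return true;
}

/* Assumed hardened rule: privileged callers, or the segment's owner
 * or creator, may lock/unlock; everyone else is refused. */
static bool shm_lock_allowed_fixed(const struct caller *c,
                                   const struct shm_perm_model *p)
{
    if (c->cap_ipc_lock)
        return true;
    return c->euid == p->uid || c->euid == p->cuid;
}

/* Runs a constructed set of callers against a segment owned by uid 1000 and
 * returns how many unprivileged, unrelated callers the rule lets through. */
static int count_cross_user_unlocks(bool (*rule)(const struct caller *,
                                                 const struct shm_perm_model *))
{
    const struct shm_perm_model seg = { .uid = 1000, .cuid = 1000 };
    const struct caller callers[] = {
        { .euid = 1000, .cap_ipc_lock = false }, /* owner */
        { .euid = 1001, .cap_ipc_lock = false }, /* unrelated user */
        { .euid = 1002, .cap_ipc_lock = false }, /* unrelated user */
        { .euid = 0,    .cap_ipc_lock = true  }, /* privileged */
    };
    int leaked = 0;
    for (size_t i = 0; i < sizeof callers / sizeof callers[0]; i++) {
        bool unrelated = callers[i].euid != seg.uid && !callers[i].cap_ipc_lock;
        if (unrelated && rule(&callers[i], &seg))
            leaked++;
    }
    return leaked;
}
```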
Reproduce: n/a
Fix for 2.6 is here: http://linux.bkbits.net:8080/linux-2.6/cset%4041bdc399fjcFowgsJH5ZMZ8eP-YcwA?nav=index.html|src/.|src/ipc|related/ipc/shm.c
Created attachment 28088: ipc-shm-lock-fix.patch (extract from mainline BitKeeper)
2.4 is not affected (checked relevant code).
CAN-2005-0176
The fix seems to be fine for 2.6.8, but for 2.6.5-based kernels it will not compile. Andrea, could you please take over? It's probably quite easy for you (it's only some lines of code), but I would like to avoid messing things up. The patch is already in the CVS for SP1 and SP2 and has the name "ipc-shm-lock-fix". I disabled it in series.conf for now.
This patch seems not to be needed for SP1/SP2; these bugs have been introduced by Red Hat with their alternative approach to the mlock sysctl that we added in GA. Their alternative approach is cleaner, but it's broken; this is the third fatal breakage found so far in their code. The first one I spotted myself: the shmget usage not being accounted for before it merged into mainline. The second was a hole in expand_stack (#65373), and now there's this hole in SHM_LOCK/UNLOCK. The only tree affected by this bug should be SL92 (like in #65373), and I understand you already applied it there (i.e. 2.6.8). Probably it's better to delete the file from the SP1/SP2 trees to avoid confusion. Thanks!
OK, I will delete the patch from the SP1 and SP2 trees. For 9.2, the patch is only in the CVS but currently disabled in series.conf. Could you please have a short look at whether the patch is correct for that tree, so I can enable it? Thanks!
Argl, it seems Bugzilla decided to remove Andrea from the Cc: list...
Fix committed to 9.2 tree. Other trees are not vulnerable according to Andrea.
tracking
All looks fine, thanks.
updates and advisory released
CVE-2005-0176: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)