Six-Year-Old Linux Kernel Flaw Lets Unprivileged Users Read Root-Owned Files
Here we go again! Another security flaw in the Linux kernel was disclosed today. Reported by security researchers at Qualys, it could allow an unprivileged user to read root-owned files, such as SSH keys.
A proof-of-concept is available as ssh-keysign-pwn. It takes advantage of the __ptrace_may_access() function in the Linux kernel, which skips the dumpable check when task->mm == NULL. Because do_exit() runs exit_mm() before exit_files(), there is a window in which the exiting task has no mm but its file descriptors are still open, and pidfd_getfd(2) succeeds in that window when the caller's uid matches the target's.