Bug#632923: [oss-security] CVE request: perf: may parse user-controlled config file
On Sunday, August 07, 2011 01:34:38 PM dann frazier wrote:
> This was reported by Christian Ohm at:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632923
>
> The perf command, provided as part of the Linux kernel source, looks
> for and honors configuration settings in ./config. A local user could
> obtain elevated privileges by convincing a superuser to run the perf
> command from a directory the user controls.
And in recent kernels has an executable stack:
https://bugzilla.redhat.com/show_bug.cgi?id=704296
-Steve
Reply to: