[ltp] WARNING: security hole in thinkpad-acpi and ibm-acpi
kernel modules
Henrique de Moraes Holschuh
linux-thinkpad@linux-thinkpad.org
Sun, 2 Aug 2009 15:19:37 -0300
On Tue, 21 Jul 2009, Henrique de Moraes Holschuh wrote:
> Nobody has tried to write a exploit for this bug yet, but it does seem like
> it is exploitable.
It turns out that the Linux VFS layer on x86 (the only arch thinkpad-acpi
works on, anyway) protects against very big writes, so the bug is likely not
exploitable.
Still, better safe than sorry, and the patch (with a much simpler commit
message, since it looks like it is not a security bug after all) is going to
be present on 2.6.31, and it was submitted for inclusion on 2.6.27 and
2.6.30.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh