System call fuzzing continued.
Dec 16, 2010, 20:34
"Work is ongoing on the system call fuzzer I wrote about last
month. Since I initially talked about it, it's found a few more
"CVE-2010-4256: Pipe fcntl local denial of service. The inode
struct in the kernel contains this union:

    union {
        struct pipe_inode_info *i_pipe;   /* live when the inode is a FIFO/pipe */
        struct block_device *i_bdev;      /* live when the inode is a block device */
        struct cdev *i_cdev;              /* live when the inode is a character device */
    };
"A missing "is this a pipe" check in pipe_fcntl allowed a user
to perform pipe ioctls on inodes that were not pipes (i.e.,
block/char devs). Things blew up pretty quickly."