I’ve discovered my first denial-of-service bug in the Linux kernel. I’m a bit teary-eyed, not because the bug was in my own code, but because it marks the first bug I’ve found in Linux kernel code.
Not worthy of a CVE or anything, because I still haven’t declared the code stable, and I don’t imagine many people use this thing just yet. But in the interest of full disclosure, here is information about the bug.
It’s caused by a recursive function, parent_task_walk(), that runs when reporting denied executions. You can view the code here:
Launch enough shells on top of each other, and then try to execute something in an untrusted path, and BAM! You’ve just crashed the machine.
Recursive function in the Linux kernel? What was I thinking? I wasn’t, actually, as my main goal with the project initially was proof-of-concept. Now that I’m actually using the thing in ad-hoc production environments, it’s time I search the code for problems. Well, I found one!
Since it’s late and I’m not going to fix it tonight, I opted to ask what the best approach would be on Stack Overflow:
I’ll have a fix pushed out some time this week. It’ll be your Thanksgiving present.
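For illustration, here is an added example (not the module's code and not the fix that was later pushed): a user-space C model of an ancestor walk done iteratively, so stack use stays constant however many shells are nested, with a cap on how many ancestors get reported. The `struct task` layout, `MAX_DEPTH`, `build_chain()` and `parent_walk_iter()` are hypothetical names chosen for this example.

```c
#include <stdio.h>

/* Hypothetical stand-in for the kernel task structure (names are assumptions). */
struct task { int pid; const char *comm; struct task *parent; };

#define MAX_DEPTH 8   /* assumed cap on ancestors reported per denial */

/* Constructed sample data: tasks[0] is a self-parented root, each later task
 * is a child of the one before it, like shells launched on top of each other. */
void build_chain(struct task *tasks, int n)
{
    for (int i = 0; i < n; i++) {
        tasks[i].pid = i + 1;
        tasks[i].comm = i ? "bash" : "init";
        tasks[i].parent = i ? &tasks[i - 1] : &tasks[i];
    }
}

/* Iterative ancestor walk: one stack frame no matter how deep the chain is.
 * Writes "comm(pid) <- comm(pid) ..." into buf and returns the number of
 * ancestors written; *truncated is set when the cap or buffer cut it short. */
int parent_walk_iter(const struct task *t, char *buf, size_t len, int *truncated)
{
    size_t used = 0;
    int n = 0;
    *truncated = 0;
    if (len == 0) return 0;
    buf[0] = '\0';
    while (t->parent && t->parent != t) {   /* stop at the root */
        t = t->parent;
        if (n == MAX_DEPTH) { *truncated = 1; break; }
        int w = snprintf(buf + used, len - used, "%s%s(%d)",
                         n ? " <- " : "", t->comm, t->pid);
        /* Entry did not fit: drop the partial entry and stop. */
        if (w < 0 || (size_t)w >= len - used) { buf[used] = '\0'; *truncated = 1; break; }
        used += (size_t)w;
        n++;
    }
    return n;
}

int main(void)
{
    static struct task deep[100000];   /* constructed: 100000 nested shells */
    char buf[256];
    int cut, n;
    build_chain(deep, 100000);
    n = parent_walk_iter(&deep[99999], buf, sizeof buf, &cut);
    printf("%d ancestors%s: %s\n", n, cut ? " (truncated)" : "", buf);
    return 0;
}
```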