Andreas Kling a131927c75 Kernel: sys$munmap() region splitting did not preserve "shared" flag ...

This was exploitable since the shared flag determines whether inode
permission checks are applied in sys$mprotect().

The bug was pretty hard to spot due to default arguments being used
instead. This patch removes the default arguments to make explicit
at each call site what's being done.

2021-01-26 18:35:04 +01:00

29 KiB

Raw Blame History

View Raw