Source: http://www.linux-archive.org/debian-user/430610-cve-2010-3081-changes-internal-api.html

Henrique de Moraes Holschuh 09-22-2010 11:56 PM

CVE 2010-3081 changes internal API

On Wed, 22 Sep 2010, Dan Serban wrote:
> On 09/22/10 07:54, Henrique de Moraes Holschuh wrote:
> >On Wed, 22 Sep 2010, Dan Serban wrote:
> >>[1012115.235704] ipmi_devintf: Unknown symbol compat_alloc_user_space
> >This module and the running kernel are not compatible with each other.
>
> <snip>
>
> So what you're telling me then, is that a bug needs to be filed
> against the stable kernel? I can't see stable being stable when
> modules won't load due to a security update. At least I'd assume
> that a broken kernel implementation needs to be fixed.

compat_alloc_user_space() is only used for syscalls AFAIK. The rule is: you
do that, you have to track the kernel. In fact, it is now GPL-only (so, for
example, fglrx needs to be modified as it is forbidden from using
compat_alloc_user_space()).

I'm adding a CC for the Debian kernel ML, just in case.

Summary:
compat_alloc_user_space() is now EXPORT_SYMBOL_GPL
* cannot be used by fglrx and other non-GPL modules
* using arch_compat_alloc_user_space() may reopen CVE-2010-3081
if the non-GPL module doesn't do access_ok by itself

compat_alloc_user_space() moved from asm/compat.h to linux/compat.h
* requires #include changes on out-of-tree modules that use
compat_alloc_user_space() for them to build

> OT: I've found about 4 major bugs with the lenny implementation
> running in different server roles. Mainly things that have been

File bugs. Provide as much information as you can, the most useful being
the commits that you want backported, but if you don't know that, at least
full descriptions of the problem, how to reproduce, and what kernel version
you know fixed it would be helpful.

> While I do understand and agree with the "no need to fix it if it
> ain't broken" mentality, does that mean that lenny does not get
> patched/bugfixed... just security updates?

No. It does get patched/bugfixed. That's why we have "point releases", and
that's why it is at 5.0.6 (sixth point release) right now. But you usually
have to prod maintainers to fix something on stable, unless it is a very big
issue or a security issue.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh


Archive: http://lists.debian.org/20100922235608.GA16462@khazad-dum.debian.net
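The access_ok caveat in the summary above, as an added example that is not part of the post or of the kernel's own code: a user-space C model of the post-fix compat_alloc_user_space() wrapper beside the raw arch_compat_alloc_user_space() it wraps. The MODEL_ prefixed names, the uaddr_t type, the TASK_SIZE stand-in and the saved stack pointer values are all constructed for illustration.

```c
/* Added example, not from the post or the kernel: a user-space model of the
 * post-CVE-2010-3081 compat_alloc_user_space() wrapper next to the raw
 * arch_compat_alloc_user_space() it wraps. All constants are constructed. */
#include <stdint.h>
#include <stdio.h>

#define MODEL_TASK_SIZE 0x00007fffffffffffULL /* stand-in for the user/kernel split */

typedef uint64_t uaddr_t; /* models a void __user * */

/* Raw variant: saved 32-bit user stack pointer minus len, rounded down to 8.
 * Like arch_compat_alloc_user_space(), it validates nothing. */
static uaddr_t model_arch_compat_alloc_user_space(uaddr_t saved_sp, long len)
{
    return (saved_sp - (uaddr_t)len) & ~(uaddr_t)7;
}

/* Models access_ok(): [ptr, ptr + len) must not wrap and must lie in user space. */
static int model_access_ok(uaddr_t ptr, long len)
{
    uaddr_t end = ptr + (uaddr_t)len;
    return end >= ptr && end <= MODEL_TASK_SIZE;
}

/* Post-fix wrapper: same allocation, but a range outside user memory is
 * refused (0 here, NULL in the kernel), so callers must check the result. */
static uaddr_t model_compat_alloc_user_space(uaddr_t saved_sp, long len)
{
    uaddr_t ptr = model_arch_compat_alloc_user_space(saved_sp, len);
    return model_access_ok(ptr, len) ? ptr : 0;
}

int main(void)
{
    /* Constructed saved stack pointers: one ordinary, one pointing at kernel space. */
    uaddr_t sps[2] = { 0x7ffff7fd0000ULL, 0xffffffff81000000ULL };
    for (int i = 0; i < 2; i++)
        printf("sp %#llx: raw %#llx, checked %#llx\n", (unsigned long long)sps[i],
               (unsigned long long)model_arch_compat_alloc_user_space(sps[i], 64),
               (unsigned long long)model_compat_alloc_user_space(sps[i], 64));
    return 0;
}
```

A module that calls the raw variant directly has to perform the equivalent access_ok() check itself, and a caller of the wrapper has to handle the NULL return it can now produce.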

