FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 09-23-2010, 12:46 AM
Henrique de Moraes Holschuh
 
Default CVE 2010-3081 changes internal API

Of course, it helps if I actually use the correct address for the
debian-kernel ML...

On Wed, 22 Sep 2010, Henrique de Moraes Holschuh wrote:
> On Wed, 22 Sep 2010, Dan Serban wrote:
> > On 09/22/10 07:54, Henrique de Moraes Holschuh wrote:
> > >On Wed, 22 Sep 2010, Dan Serban wrote:
> > >>[1012115.235704] ipmi_devintf: Unknown symbol compat_alloc_user_space
> > >This module and the running kernel are not compatible with each other.
> >
> > <snip>
> >
> > So what you're telling me then, is that a bug needs to be filed
> > against the stable kernel? I can't see stable being stable when
> > modules won't load due to a security update. At least I'd assume
> > that a broken kernel implementation needs to be fixed.
>
> compat_alloc_user_space() is only used for syscalls AFAIK. The rule is: you
> do that, you have to track the kernel. In fact, it is now GPL-only (so, for
> example, fglrx needs to be modified as it is forbidden from using
> compat_alloc_user_space()).
>
> I'm adding a CC for the Debian kernel ML, just in case.
>
> Summary:
> compat_alloc_user_space() is now EXPORT_SYMBOL_GPL
> * cannot be used by fglrx and other non-GPL modules
> * using arch_compat_alloc_user_space() may reopen CVE-2010-3081
> if the non-GPL module doesn't do access_ok by itself
>
> compat_alloc_user_space() moved from asm/compat.h to linux/compat.h
> * requires #include changes on out-of-tree modules that use
> compat_alloc_user_space() for them to build
>
> > OT: I've found about 4 major bugs with the lenny implementation
> > running in different server roles. Mainly things that have been
>
> File bugs. Provide as much information as you can, the most useful being
> the commits that you want backported, but if you don't know that, at least
> full descriptions of the problem, how to reproduce, and what kernel version
> you know fixed it would be helpful.
>
> > While I do understand and agree with the "no need to fix it if it
> > a'int broken" mentality, does that mean that lenny does not get
> > patched/bugfixed... just security updates?
>
> No. It does get patched/bugfixed. That's why we have "point releases", and
> that's why it is at 5.0.6 (sixth point release) right now. But you usually
> have to prod maintainers to fix something on stable, unless it is a very big
> issue or a security issue.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100923004650.GB16462@khazad-dum.debian.net">http://lists.debian.org/20100923004650.GB16462@khazad-dum.debian.net
 
Old 09-23-2010, 12:46 AM
Henrique de Moraes Holschuh
 
Default CVE 2010-3081 changes internal API

Of course, it helps if I actually use the correct address for the
debian-kernel ML...

On Wed, 22 Sep 2010, Henrique de Moraes Holschuh wrote:
> On Wed, 22 Sep 2010, Dan Serban wrote:
> > On 09/22/10 07:54, Henrique de Moraes Holschuh wrote:
> > >On Wed, 22 Sep 2010, Dan Serban wrote:
> > >>[1012115.235704] ipmi_devintf: Unknown symbol compat_alloc_user_space
> > >This module and the running kernel are not compatible with each other.
> >
> > <snip>
> >
> > So what you're telling me then, is that a bug needs to be filed
> > against the stable kernel? I can't see stable being stable when
> > modules won't load due to a security update. At least I'd assume
> > that a broken kernel implementation needs to be fixed.
>
> compat_alloc_user_space() is only used for syscalls AFAIK. The rule is: you
> do that, you have to track the kernel. In fact, it is now GPL-only (so, for
> example, fglrx needs to be modified as it is forbidden from using
> compat_alloc_user_space()).
>
> I'm adding a CC for the Debian kernel ML, just in case.
>
> Summary:
> compat_alloc_user_space() is now EXPORT_SYMBOL_GPL
> * cannot be used by fglrx and other non-GPL modules
> * using arch_compat_alloc_user_space() may reopen CVE-2010-3081
> if the non-GPL module doesn't do access_ok by itself
>
> compat_alloc_user_space() moved from asm/compat.h to linux/compat.h
> * requires #include changes on out-of-tree modules that use
> compat_alloc_user_space() for them to build
>
> > OT: I've found about 4 major bugs with the lenny implementation
> > running in different server roles. Mainly things that have been
>
> File bugs. Provide as much information as you can, the most useful being
> the commits that you want backported, but if you don't know that, at least
> full descriptions of the problem, how to reproduce, and what kernel version
> you know fixed it would be helpful.
>
> > While I do understand and agree with the "no need to fix it if it
> > a'int broken" mentality, does that mean that lenny does not get
> > patched/bugfixed... just security updates?
>
> No. It does get patched/bugfixed. That's why we have "point releases", and
> that's why it is at 5.0.6 (sixth point release) right now. But you usually
> have to prod maintainers to fix something on stable, unless it is a very big
> issue or a security issue.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh


--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100923004650.GB16462@khazad-dum.debian.net">http://lists.debian.org/20100923004650.GB16462@khazad-dum.debian.net
 

Thread Tools




All times are GMT. The time now is 04:37 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org