latest kernel exploit patch for vmsplice coming?
On Sun, 2008-02-10 at 23:41 +0200, pageexec@freemail.hu wrote:
> On 10 Feb 2008 at 22:32, Alex Howells wrote:
>
> > I wasn't sure we needed a special patch?
>
> it's a kernel bug so it obviously needs a patch, a fix is in the linus
> tree now, i guess it'll be backported quickly.
>
> > Every single box I've tried this exploit on ranging from
> > hardened-sources-2.6.17 through to hardened-sources-2.6.23, its been
> > nailed. Could just be my kernel configuration?
>
> UDEREF prevents exploitation for good, even KERNEXEC alone would
> prevent the kind of code execution that this exploit relies on.

FYI everybody... Look at that.. A properly configured host using PaX the way the PaX Team suggests prevents this and many other types of bugs.

Anyway, for those of you not using PaX the way it's suggested to be used (which also happens to be the Hardened default), you could/should consider this patch if you have local users who are not trusted.

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44

After patching, a user tried >10000 iterations of both exploits and everything appeared to be fine.

For those of you looking for a quick workaround for your production servers who don't/can't reboot just quite yet.. Md of freenode offers this runtime kernel module.

11:32 < Md> reminder: please do not hurry to reboot your linux servers, http://www.linux.it/~md/software/novmsplice.tgz is a kernel module which disables the system calls used by the exploit

The current exploit, while not appearing to work, can result in a DoS. The feature uderef catches it... but yesterday a user, while testing, executed the exploit many many times. At the 943rd execution the system froze. We are told that, unfortunately, when the bug is triggered the kernel holds locks, and due to uderef catching it, the kernel will also kill the task. It would do so regardless of uderef if the ptr it dereferences isn't mapped memory.

----------------
More FYI..

Hardened is nearly dead in respect to the hardened-profile/hardened-toolchain/hardened-kernel. It does not have to die, but we are in a bit of a catch-22. I'm the last dev really watching over those things. Everybody else has retired and moved on in life. I'm starting to do the same. Weekend and evening hobbies of other interests are starting to take priority. So the catch-22 is that hardened needs more devs+proxies and/or to be re-evaluated.. The kicker is that I don't really have the spare time to mentor new people.

So... Any of you that want to help this project continue, please stop by #gentoo-hardened on freenode and offer whatever help you can that fits within your skill traits (self motivated ppl++).

--
Ned Ludd <solar@gentoo.org>
-- gentoo-hardened@lists.gentoo.org mailing list
latest kernel exploit patch for vmsplice coming?
On Sun, 2008-02-10 at 23:41 +0200, pageexec@freemail.hu wrote:
> On 10 Feb 2008 at 22:32, Alex Howells wrote:
>
> > I wasn't sure we needed a special patch?
>
> it's a kernel bug so it obviously needs a patch, a fix is in the linus
> tree now, i guess it'll be backported quickly.
>
> > Every single box I've tried this exploit on ranging from
> > hardened-sources-2.6.17 through to hardened-sources-2.6.23, its been
> > nailed. Could just be my kernel configuration?
>
> UDEREF prevents exploitation for good, even KERNEXEC alone would
> prevent the kind of code execution that this exploit relies on.

I tried the patch on various systems. The grsecurity patches do protect against this kind of issue. This is a real life example of why grsecurity is good for you.

Thanks!

-nc
-- gentoo-hardened@lists.gentoo.org mailing list
latest kernel exploit patch for vmsplice coming?
Ned Ludd wrote:
> On Sun, 2008-02-10 at 23:41 +0200, pageexec@freemail.hu wrote:
>
> More FYI..
>
> Hardened is nearly dead in respect to the hardened-profile/hardened-toolchain/hardened-kernel. It does not have to die, but we are in a bit of a catch-22. I'm the last dev really watching over those things. Everybody else has retired and moved on in life. I'm starting to do the same. Weekend and evening hobbies of other interests are starting to take priority. So the catch-22 is that hardened needs more devs+proxies and/or to be re-evaluated.. The kicker is that I don't really have the spare time to mentor new people.
>
> So... Any of you that want to help this project continue, please stop by #gentoo-hardened on freenode and offer whatever help you can that fits within your skill traits (self motivated ppl++).

Finding mentors should not hold things up. Please contact recruiters if you need someone to track down mentors for you.

Regards,
Petteri
latest kernel exploit patch for vmsplice coming?
On Monday 11 February 2008, Ned Ludd wrote:
> Thanks.. kerframil, PaX Team and all others.

I'd like to thank you Solar as well, you've done a lot of great work on hardened over the years and I'm still using hardened-sources on most of my boxes :). Thanks.

In an ideal world I would also offer my help, but atm I have more than enough to do for the security team, not to mention RL.

Lastly I'd like to thank all who are helping carry hardened forward!

--
Sune Kloppenborg Jeppesen
Gentoo Linux Security Team
-- gentoo-hardened@lists.gentoo.org mailing list
latest kernel exploit patch for vmsplice coming?
Can anyone send me a compiled exploit? I want to test my hardened hosts;
my gcc cannot compile the sources.
-- gentoo-hardened@lists.gentoo.org mailing list
latest kernel exploit patch for vmsplice coming?
Hi!
On Tue, Feb 12, 2008 at 08:27:21AM +0100, Natanael Copa wrote:
> Attached is a slightly modified version of the exploit that should
> compile for you. (uses sysconf(_SC_PAGE_SIZE) rather than PAGE_SIZE from
> asm/page.h)

Actually, such mistakes in exploits exist just to prevent people who are unable to fix them from compiling it, so it isn't really a good idea to post a fixed version to a public mailing list - at least you can send it using private email.

Anyway, this exploit doesn't work as 'local root' on my '2.6.20-hardened-r10 SMP' - but it looks like it leaks some kernel memory on each execution, so running it in a `while :; do ...; done` loop will result in a hang in about a minute, so it is at least a 'local DoS' exploit.

Is there any plan to backport the patch for this bug to the .20 hardened kernel? I haven't upgraded yet to the .23 kernel because of a few issues with PaX mentioned in this mailing list in the last months... :(

--
WBR, Alex.
-- gentoo-hardened@lists.gentoo.org mailing list
latest kernel exploit patch for vmsplice coming?
On Tue, 2008-02-12 at 09:46 +0200, Alex Efros wrote:
> Hi!
>
> On Tue, Feb 12, 2008 at 08:27:21AM +0100, Natanael Copa wrote:
> > Attached is a slightly modified version of the exploit that should
> > compile for you. (uses sysconf(_SC_PAGE_SIZE) rather than PAGE_SIZE from
> > asm/page.h)
>
> Actually, such mistakes in exploits exist just to prevent people who are
> unable to fix them from compiling it,

you mean ppl like you?

it could also be that this code is very old, as explained in the comment in the header, and used to work.

> so it isn't really a good idea to
> post a fixed version to a public mailing list - at least you can send it using
> private email.

how do i know that you are not a "bad" guy who is "not supposed" to be able to compile it?

> Anyway, this exploit doesn't work as 'local root' on my
> '2.6.20-hardened-r10 SMP' - but it looks like it leaks some kernel memory on
> each execution, so running it in a `while :; do ...; done` loop will result in
> a hang in about a minute, so it is at least a 'local DoS' exploit.
>
> Is there any plan to backport the patch for this bug to the .20 hardened kernel?
> I haven't upgraded yet to the .23 kernel because of a few issues with PaX
> mentioned in this mailing list in the last months... :(

This one should apply, or you can apply it manually.

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44

> --
> WBR, Alex.

-- gentoo-hardened@lists.gentoo.org mailing list
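The commit linked in Ned's and -nc's posts above (712a30e6) fixes the bug by replacing a bare NULL test on each user-supplied iovec base in get_iovec_page_array() (fs/splice.c) with an access_ok() range check. The following user-space model of that check is an added example, not code from this thread or from the kernel; MODEL_TASK_SIZE, the model_* names and the sample addresses are assumptions. It shows why the old test let a kernel-space address through and the new one rejects it:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* i386 user/kernel split, an assumption of this model: user space is
 * [0, MODEL_TASK_SIZE), anything at or above it is kernel memory. */
#define MODEL_TASK_SIZE 0xC0000000UL
#define MODEL_EFAULT    14

/* A user-supplied iovec; the base is an integer so the model never dereferences it. */
struct model_iovec { uintptr_t base; size_t len; };

/* Model of access_ok(): [base, base + len) must lie entirely in user
 * space; the subtraction form also rejects a base + len that wraps. */
static int model_access_ok(uintptr_t base, size_t len)
{
    if (len > MODEL_TASK_SIZE)
        return 0;
    return base <= MODEL_TASK_SIZE - len;
}

/* Walks the iovec array as get_iovec_page_array() does before pinning pages.
 * fixed == 0: pre-fix test, only a NULL base is rejected.
 * fixed == 1: the access_ok() test that the fix added.
 * Returns segments that would be pinned, or -EFAULT once one is rejected. */
static int model_check_iovecs(const struct model_iovec *iov, unsigned nr, int fixed)
{
    int accepted = 0;
    for (unsigned i = 0; i < nr; i++) {
        if (iov[i].len == 0)            /* an empty segment ends the walk */
            break;
        if (fixed ? !model_access_ok(iov[i].base, iov[i].len) : iov[i].base == 0)
            return -MODEL_EFAULT;
        accepted++;
    }
    return accepted;
}

/* Constructed sample: an ordinary user buffer, then a segment whose base points into kernel space. */
static const struct model_iovec sample[] = {
    { 0x08048000UL, 4096 },
    { 0xC0100000UL, 4096 },
};

int main(void)
{
    printf("pre-fix check accepts %d segments\n", model_check_iovecs(sample, 2, 0));
    printf("access_ok check returns %d\n", model_check_iovecs(sample, 2, 1));
    return 0;
}
```

PaX UDEREF, as the thread notes, stops the same access at a different layer: the kernel faults when it touches the kernel address through a user-pointer path, which is why the unpatched hardened kernels killed the task instead of yielding root.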
latest kernel exploit patch for vmsplice coming?
On Tue, 2008-02-12 at 13:37 +0500, Алексей Петровский wrote:
> I'm not root. I'm sure

so the hardened kernel protects you. congrats!

you might still want to apply the patch that fixes the problem.

-nc
-- gentoo-hardened@lists.gentoo.org mailing list