05-25-2010, 10:19 PM
Kees Cook

Maverick pull request for cs-limit nx-emulation refresh

The following changes since commit 931fecb7a2d93bd931cf07bb2367bb545a3d557f:
  Leann Ogasawara (1):
        UBUNTU: Ubuntu-2.6.34-4.11

are available in the git repository at:

  git://kernel.ubuntu.com/kees/ubuntu-maverick.git master

Kees Cook (6):
      Revert "UBUNTU: SAUCE: x86: brk away from exec rand area"
      Revert "UBUNTU: SAUCE: [um] Don't use nx_enabled under UML"
      Revert "UBUNTU: SAUCE: [x86] implement cs-limit nx-emulation for ia32"
      UBUNTU: SAUCE: x86: implement cs-limit nx-emulation for ia32
      UBUNTU: SAUCE: x86: more tightly confine cs-limit nx-emulation to ia32 only
      UBUNTU: SAUCE: x86: brk away from exec rand area

Loïc Minier (1):
      UBUNTU: SAUCE: [um] Don't use nx_enabled under UML

 arch/x86/include/asm/paravirt_types.h |    2 +-
 arch/x86/kernel/cpu/common.c          |    7 ++++-
 arch/x86/kernel/process.c             |    2 +-
 arch/x86/kernel/process_32.c          |    6 +++-
 arch/x86/kernel/traps.c               |   40 +++++++++++++++++++++++---------
 arch/x86/mm/mmap.c                    |    9 +++++-
 arch/x86/mm/setup_nx.c                |   14 +++++++++++
 arch/x86/mm/tlb.c                     |    4 ++-
 fs/binfmt_elf.c                       |   22 ++++++++++++++----
 include/linux/mm.h                    |    8 ++----
 include/linux/sched.h                 |    6 +++++
 kernel/sysctl.c                       |   28 +++++++++++++++++++++++
 mm/mmap.c                             |   12 +++++----
 13 files changed, 125 insertions(+), 35 deletions(-)

--
Kees Cook
Ubuntu Security Team

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
05-25-2010, 10:32 PM
Chase Douglas

Maverick pull request for cs-limit nx-emulation refresh

On Tue, 2010-05-25 at 15:19 -0700, Kees Cook wrote:
> The following changes since commit 931fecb7a2d93bd931cf07bb2367bb545a3d557f:
> Leann Ogasawara (1):
> UBUNTU: Ubuntu-2.6.34-4.11
>
> are available in the git repository at:
>
> git://kernel.ubuntu.com/kees/ubuntu-maverick.git master
>
> Kees Cook (6):
> Revert "UBUNTU: SAUCE: x86: brk away from exec rand area"
> Revert "UBUNTU: SAUCE: [um] Don't use nx_enabled under UML"
> Revert "UBUNTU: SAUCE: [x86] implement cs-limit nx-emulation for ia32"
> UBUNTU: SAUCE: x86: implement cs-limit nx-emulation for ia32
> UBUNTU: SAUCE: x86: more tightly confine cs-limit nx-emulation to ia32 only
> UBUNTU: SAUCE: x86: brk away from exec rand area
>
> Loïc Minier (1):
> UBUNTU: SAUCE: [um] Don't use nx_enabled under UML

I'm just curious, what's the process for upstreaming security patches
like these? Are they sauce patches at first while we work with upstream
to get them merged there?

-- Chase


 
05-25-2010, 10:43 PM
Kees Cook

Maverick pull request for cs-limit nx-emulation refresh

Hi,

On Tue, May 25, 2010 at 06:32:35PM -0400, Chase Douglas wrote:
> I'm just curious, what's the process for upstreaming security patches
> like these? Are they sauce patches at first while we work with upstream
> to get them merged there?

The nx-emulation stack is a little weird. My intention is to try
to upstream them again, but they have long been rejected as too much
of a hack (even though almost every distro carries some form of it).
At present, I and Kyle (at RedHat) try to share the patch (though I'm
still waiting for him to review and merge the "brk away from exec rand
area" patch, and I have to resend the "more tightly confine cs-limit
nx-emulation to ia32 only" bits too).

In general, though, I usually try to get these kinds of hardening patches
into upstream first (as I did with mmap_min_addr fix-ups, /proc/$pid/maps
protection, and AT_RANDOM). That way they flow into Ubuntu naturally.
In this case, Tim asked me at UDS to get the symlink, hardlink, and
ptrace stuff into Ubuntu immediately so it could get maximal exposure
from Alpha-1.

-Kees

--
Kees Cook
Ubuntu Security Team

 
05-26-2010, 07:15 PM
Leann Ogasawara

Maverick pull request for cs-limit nx-emulation refresh

This is just a refresh/update of patches we're already carrying.
Applied to Maverick master.

Thanks,
Leann

On Tue, 2010-05-25 at 15:19 -0700, Kees Cook wrote:
> The following changes since commit 931fecb7a2d93bd931cf07bb2367bb545a3d557f:
> Leann Ogasawara (1):
> UBUNTU: Ubuntu-2.6.34-4.11
>
> are available in the git repository at:
>
> git://kernel.ubuntu.com/kees/ubuntu-maverick.git master
>
> Kees Cook (6):
> Revert "UBUNTU: SAUCE: x86: brk away from exec rand area"
> Revert "UBUNTU: SAUCE: [um] Don't use nx_enabled under UML"
> Revert "UBUNTU: SAUCE: [x86] implement cs-limit nx-emulation for ia32"
> UBUNTU: SAUCE: x86: implement cs-limit nx-emulation for ia32
> UBUNTU: SAUCE: x86: more tightly confine cs-limit nx-emulation to ia32 only
> UBUNTU: SAUCE: x86: brk away from exec rand area
>
> Loïc Minier (1):
> UBUNTU: SAUCE: [um] Don't use nx_enabled under UML
>
> arch/x86/include/asm/paravirt_types.h | 2 +-
> arch/x86/kernel/cpu/common.c | 7 ++++-
> arch/x86/kernel/process.c | 2 +-
> arch/x86/kernel/process_32.c | 6 +++-
> arch/x86/kernel/traps.c | 40 +++++++++++++++++++++++---------
> arch/x86/mm/mmap.c | 9 +++++-
> arch/x86/mm/setup_nx.c | 14 +++++++++++
> arch/x86/mm/tlb.c | 4 ++-
> fs/binfmt_elf.c | 22 ++++++++++++++----
> include/linux/mm.h | 8 ++----
> include/linux/sched.h | 6 +++++
> kernel/sysctl.c | 28 +++++++++++++++++++++++
> mm/mmap.c | 12 +++++----
> 13 files changed, 125 insertions(+), 35 deletions(-)
>
> --
> Kees Cook
> Ubuntu Security Team
>


