07-21-2011, 01:13 PM
Andy Whitcroft

fix races on various /proc files

CVE-2011-1020
The proc filesystem implementation in the Linux kernel 2.6.37 and
earlier does not restrict access to the /proc directory tree of a
process after this process performs an exec of a setuid program,
which allows local users to obtain sensitive information or cause
a denial of service via open, lseek, read, and write system calls.

These have been fixed in oneiric via mainline. Following this email are
patch sets as below:

1) hardy -- of the five origin commits two apply to /proc files which have
yet to be created on hardy. The other three are simple additional checks
against ptrace as the exec locking is not yet present. This patch
represents the biggest backport and deserves most scrutiny.

2) lucid,lucid/fsl-imx51 -- two of the patches are simple cherry-picks,
the rest required minor porting.

3) maverick,maverick/ti-omap4 -- mostly simple cherry-picks, with some
modifications to follow locking naming changes.

4) natty,natty/ti-omap4 -- mostly simple cherry-picks, the last patch
did require minor porting due to a printk format change.

All other branches are derivative of one of these.

I have built and booted kernels against master for all affected releases
(this covers all of the patch sets). I tested before and after with the
PoC from the original report and the hole seems closed:

https://lkml.org/lkml/2011/2/7/368

Proposing for hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4,
natty, and natty/ti-omap4.

-apw

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
07-21-2011, 02:09 PM
Stefan Bader

fix races on various /proc files

On 21.07.2011 15:13, Andy Whitcroft wrote:
> CVE-2011-1020
> The proc filesystem implementation in the Linux kernel 2.6.37 and
> earlier does not restrict access to the /proc directory tree of a
> process after this process performs an exec of a setuid program,
> which allows local users to obtain sensitive information or cause
> a denial of service via open, lseek, read, and write system calls.
>
> These have been fixed in oneiric via mainline. Following this email are
> patch sets as below:
>
> 1) hardy -- of the five origin commits two apply to /proc files which have
> yet to be created on hardy. The other three are simple additional checks
> against ptrace as the exec locking is not yet present. This patch
> represents the biggest backport and deserves most scrutiny.
>
> 2) lucid,lucid/fsl-imx51 -- two of the patches are simple cherry-picks,
> the rest required minor porting.
>
> 3) maverick,maverick/ti-omap4 -- mostly simple cherry-picks, with some
> modifications to follow locking naming changes.
>
> 4) natty,natty/ti-omap4 -- mostly simple cherry-picks, the last patch
> did require minor porting due to a printk format change.
>
> All other branches are derivative of one of these.
>
> I have built and booted kernels against master for all affected releases
> (this covers all of the patch sets). I tested before and after with the
> PoC from the original report and the hole seems closed:
>
> https://lkml.org/lkml/2011/2/7/368
>
> Proposing for hardy, lucid, lucid/fsl-imx51, maverick, maverick/ti-omap4,
> natty, and natty/ti-omap4.
>
> -apw
>
Agreeably there may exist a tiny window where the check does not catch things on
Hardy. But I think it is really tiny. And much better than not to check at all
or trying to get all that locking back there...

Acked-by: Stefan Bader <stefan.bader@canonical.com>

All times are GMT.
