Re: [alpine-devel] CVE-2016-5195: Local privilege escalation exploit in Linux kernel
I just tried to execute the proof-of-concept on Alpine, and it didn't work
(the file is supposed to be overwritten). No grsec messages logged, but I
figure maybe it's not effective under grsecurity for some reason. Still a
good idea to patch anyway...
On Fri, Oct 21, 2016 at 1:50 AM, Kevin M. Gallagher <
> Great to hear. Thanks a lot, Natanael!
> On Fri, Oct 21, 2016 at 1:38 AM, Natanael Copa <ncopa_at_alpinelinux.org>
>> On Thu, 20 Oct 2016 21:53:03 -0700
>> "Kevin M. Gallagher" <kevingallagher_at_gmail.com> wrote:
>> > Details:
>> > http://dirtycow.ninja/
>> > https://lkml.org/lkml/2016/10/19/860
>> > Proof of concept:
>> > https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c
>> > I'm using Alpine Linux for a time-urgent and security-critical project
>> > happening this weekend, and would really like to see this fixed.
>> > I'm not familiar with aports or the way you build kernels in Alpine. Is
>> > anyone available to update the kernel in linux-grsec in the 3.4-stable
>> > branch and/or backport the patch, sometime soon?
>> Yes. Updated kernels will be available with an hour or two. At least
>> for edge and v3.4.
Received on Fri Oct 21 2016 - 02:23:40 UTC