Mail archive
alpine-devel

Re: [alpine-devel] CVE-2016-5195: Local privilege escalation exploit in Linux kernel

From: Kevin M. Gallagher <kevingallagher_at_gmail.com>
Date: Fri, 21 Oct 2016 02:23:40 -0700

I just tried to execute the proof-of-concept on Alpine, and it didn't work
(the file is supposed to be overwritten). No grsec messages logged, but I
figure maybe it's not effective under grsecurity for some reason. Still a
good idea to patch anyway...

On Fri, Oct 21, 2016 at 1:50 AM, Kevin M. Gallagher <
kevingallagher_at_gmail.com> wrote:

> Great to hear. Thanks a lot, Natanael!
>
> On Fri, Oct 21, 2016 at 1:38 AM, Natanael Copa <ncopa_at_alpinelinux.org>
> wrote:
>
>> On Thu, 20 Oct 2016 21:53:03 -0700
>> "Kevin M. Gallagher" <kevingallagher_at_gmail.com> wrote:
>>
>> > Details:
>> >
>> > http://dirtycow.ninja/
>> > https://lkml.org/lkml/2016/10/19/860
>> >
>> > Proof of concept:
>> > https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c
>> >
>> > I'm using Alpine Linux for a time-urgent and security-critical project
>> > happening this weekend, and would really like to see this fixed.
>> However,
>> > I'm not familiar with aports or the way you build kernels in Alpine. Is
>> > anyone available to update the kernel in linux-grsec in the 3.4-stable
>> > branch and/or backport the patch, sometime soon?
>>
>> Yes. Updated kernels will be available with an hour or two. At least
>> for edge and v3.4.
>>
>> -nc
>>
>
>




---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---

dirtycow_grsec.png
(image/png attachment: dirtycow_grsec.png)

Received on Fri Oct 21 2016 - 02:23:40 GMT