<CABXMHjXy0Su3Copu5hBOdq=dwt4ET9KJD3WE-_ca+niyEnxsTg@mail.gmail.com>
Details: http://dirtycow.ninja/ https://lkml.org/lkml/2016/10/19/860 Proof of concept: https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c I'm using Alpine Linux for a time-urgent and security-critical project happening this weekend, and would really like to see this fixed. However, I'm not familiar with aports or the way you build kernels in Alpine. Is anyone available to update the kernel in linux-grsec in the 3.4-stable branch and/or backport the patch, sometime soon? best, Kevin
<CABXMHjXs_tmFApb=3MDK+-3HyNRyZ-AFSocLwog-wS0B9Qj63g@mail.gmail.com>
<20161021103807.707115f3@ncopa-desktop.copa.dup.pw>
(view parent)
Great to hear. Thanks a lot, Natanael! On Fri, Oct 21, 2016 at 1:38 AM, Natanael Copa <ncopa@alpinelinux.org> wrote: > On Thu, 20 Oct 2016 21:53:03 -0700 > "Kevin M. Gallagher" <kevingallagher@gmail.com> wrote: > > > Details: > > > > http://dirtycow.ninja/ > > https://lkml.org/lkml/2016/10/19/860 > > > > Proof of concept: > > https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c > > > > I'm using Alpine Linux for a time-urgent and security-critical project > > happening this weekend, and would really like to see this fixed. However, > > I'm not familiar with aports or the way you build kernels in Alpine. Is > > anyone available to update the kernel in linux-grsec in the 3.4-stable > > branch and/or backport the patch, sometime soon? > > Yes. Updated kernels will be available with an hour or two. At least > for edge and v3.4. > > -nc >
<CABXMHjWT-8PKAraRmZSvsEunNMGSXLsb4njaARXotM=fw4PnjA@mail.gmail.com>
<CABXMHjXs_tmFApb=3MDK+-3HyNRyZ-AFSocLwog-wS0B9Qj63g@mail.gmail.com>
(view parent)
I just tried to execute the proof-of-concept on Alpine, and it didn't work (the file is supposed to be overwritten). No grsec messages logged, but I figure maybe it's not effective under grsecurity for some reason. Still a good idea to patch anyway... On Fri, Oct 21, 2016 at 1:50 AM, Kevin M. Gallagher < kevingallagher@gmail.com> wrote: > Great to hear. Thanks a lot, Natanael! > > On Fri, Oct 21, 2016 at 1:38 AM, Natanael Copa <ncopa@alpinelinux.org> > wrote: > >> On Thu, 20 Oct 2016 21:53:03 -0700 >> "Kevin M. Gallagher" <kevingallagher@gmail.com> wrote: >> >> > Details: >> > >> > http://dirtycow.ninja/ >> > https://lkml.org/lkml/2016/10/19/860 >> > >> > Proof of concept: >> > https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c >> > >> > I'm using Alpine Linux for a time-urgent and security-critical project >> > happening this weekend, and would really like to see this fixed. >> However, >> > I'm not familiar with aports or the way you build kernels in Alpine. Is >> > anyone available to update the kernel in linux-grsec in the 3.4-stable >> > branch and/or backport the patch, sometime soon? >> >> Yes. Updated kernels will be available with an hour or two. At least >> for edge and v3.4. >> >> -nc >> > >
<20161021083033.2368d30b@vostro.util.wtbts.net>
<CABXMHjXy0Su3Copu5hBOdq=dwt4ET9KJD3WE-_ca+niyEnxsTg@mail.gmail.com>
(view parent)
Hi, On Thu, 20 Oct 2016 21:53:03 -0700 "Kevin M. Gallagher" <kevingallagher@gmail.com> wrote: > Details: > > http://dirtycow.ninja/ > https://lkml.org/lkml/2016/10/19/860 > > Proof of concept: > https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c > > I'm using Alpine Linux for a time-urgent and security-critical project > happening this weekend, and would really like to see this fixed. > However, I'm not familiar with aports or the way you build kernels in > Alpine. Is anyone available to update the kernel in linux-grsec in > the 3.4-stable branch and/or backport the patch, sometime soon? Depending on CVE extent we sometimes cherry-pick fixes. But this seems bad enough that they released new upstream kernels with pretty much nothing else than this fix. So we'll be upgrading to them shortly. Thanks. Timo --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---
<20161021103807.707115f3@ncopa-desktop.copa.dup.pw>
<CABXMHjXy0Su3Copu5hBOdq=dwt4ET9KJD3WE-_ca+niyEnxsTg@mail.gmail.com>
(view parent)
On Thu, 20 Oct 2016 21:53:03 -0700 "Kevin M. Gallagher" <kevingallagher@gmail.com> wrote: > Details: > > http://dirtycow.ninja/ > https://lkml.org/lkml/2016/10/19/860 > > Proof of concept: > https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c > > I'm using Alpine Linux for a time-urgent and security-critical project > happening this weekend, and would really like to see this fixed. However, > I'm not familiar with aports or the way you build kernels in Alpine. Is > anyone available to update the kernel in linux-grsec in the 3.4-stable > branch and/or backport the patch, sometime soon? Yes. Updated kernels will be available with an hour or two. At least for edge and v3.4. -nc --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---