For discussion of Alpine Linux development and developer support

2 2

Re: [alpine-devel] CVE-2016-5195: Local privilege escalation exploit in Linux kernel

7heo
Details
Message ID
<9k46rq.ofe6gu.1hge1d2-qmf@gmx.com>
Sender timestamp
1477044027
DKIM signature
missing
Download raw message
Could it be that /proc/self/mem is also not writable in alpine?

On Fri Oct 21 11:23:40 2016 GMT+0200, Kevin M. Gallagher wrote:
> I just tried to execute the proof-of-concept on Alpine, and it didn't work
> (the file is supposed to be overwritten). No grsec messages logged, but I
> figure maybe it's not effective under grsecurity for some reason. Still a
> good idea to patch anyway...
> 
> On Fri, Oct 21, 2016 at 1:50 AM, Kevin M. Gallagher <
> kevingallagher@gmail.com> wrote:
> 
> > Great to hear. Thanks a lot, Natanael!
> >
> > On Fri, Oct 21, 2016 at 1:38 AM, Natanael Copa <ncopa@alpinelinux.org>
> > wrote:
> >
> >> On Thu, 20 Oct 2016 21:53:03 -0700
> >> "Kevin M. Gallagher" <kevingallagher@gmail.com> wrote:
> >>
> >> > Details:
> >> >
> >> > http://dirtycow.ninja/
> >> > https://lkml.org/lkml/2016/10/19/860
> >> >
> >> > Proof of concept:
> >> > https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c
> >> >
> >> > I'm using Alpine Linux for a time-urgent and security-critical project
> >> > happening this weekend, and would really like to see this fixed.
> >> However,
> >> > I'm not familiar with aports or the way you build kernels in Alpine. Is
> >> > anyone available to update the kernel in linux-grsec in the 3.4-stable
> >> > branch and/or backport the patch, sometime soon?
> >>
> >> Yes. Updated kernels will be available with an hour or two. At least
> >> for edge and v3.4.
> >>
> >> -nc
> >>
> >
> >
>

Re: [alpine-devel] CVE-2016-5195: Local privilege escalation exploit in Linux kernel

Kevin Gallagher
Details
Message ID
<b0e14154-a334-c8c2-4d1f-166d9cd75f4e@gmail.com>
In-Reply-To
<9k46rq.ofe6gu.1hge1d2-qmf@gmx.com> (view parent)
Sender timestamp
1477044143
DKIM signature
missing
Download raw message
Same deal on non-Alpine grsec. Think it's cause of grsec /proc
restrictions in general, but I don't know a ton about the memory subsystem.


On 10/21/2016 03:00 AM, 7heo wrote:
> Could it be that /proc/self/mem is also not writable in alpine?
>
> On Fri Oct 21 11:23:40 2016 GMT+0200, Kevin M. Gallagher wrote:
>> I just tried to execute the proof-of-concept on Alpine, and it didn't work
>> (the file is supposed to be overwritten). No grsec messages logged, but I
>> figure maybe it's not effective under grsecurity for some reason. Still a
>> good idea to patch anyway...
>>
>> On Fri, Oct 21, 2016 at 1:50 AM, Kevin M. Gallagher <
>> kevingallagher@gmail.com> wrote:
>>
>>> Great to hear. Thanks a lot, Natanael!
>>>
>>> On Fri, Oct 21, 2016 at 1:38 AM, Natanael Copa <ncopa@alpinelinux.org>
>>> wrote:
>>>
>>>> On Thu, 20 Oct 2016 21:53:03 -0700
>>>> "Kevin M. Gallagher" <kevingallagher@gmail.com> wrote:
>>>>
>>>>> Details:
>>>>>
>>>>> http://dirtycow.ninja/
>>>>> https://lkml.org/lkml/2016/10/19/860
>>>>>
>>>>> Proof of concept:
>>>>> https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c
>>>>>
>>>>> I'm using Alpine Linux for a time-urgent and security-critical project
>>>>> happening this weekend, and would really like to see this fixed.
>>>> However,
>>>>> I'm not familiar with aports or the way you build kernels in Alpine. Is
>>>>> anyone available to update the kernel in linux-grsec in the 3.4-stable
>>>>> branch and/or backport the patch, sometime soon?
>>>> Yes. Updated kernels will be available with an hour or two. At least
>>>> for edge and v3.4.
>>>>
>>>> -nc
>>>>
>>>
> >

Re: [alpine-devel] CVE-2016-5195: Local privilege escalation exploit in Linux kernel

Kevin M. Gallagher
Details
Message ID
<CABXMHjU7j4MuZEuD9XPzvv=1_agasVOumAH=ovxT6zan+rtVZQ@mail.gmail.com>
In-Reply-To
<b0e14154-a334-c8c2-4d1f-166d9cd75f4e@gmail.com> (view parent)
Sender timestamp
1477066784
DKIM signature
missing
Download raw message
Okay, an update. It turns out grsecurity is definitely vulnerable to the
flaw, it's just a poor proof-of-concept that would work w/ modifications in
order to hit that race more reliably. Glad you guys patched.

Thanks for expediting.

On Oct 21, 2016 3:02 AM, "Kevin Gallagher" <kevingallagher@gmail.com> wrote:

> Same deal on non-Alpine grsec. Think it's cause of grsec /proc
> restrictions in general, but I don't know a ton about the memory subsystem.
>
> On 10/21/2016 03:00 AM, 7heo wrote:
>
> Could it be that /proc/self/mem is also not writable in alpine?
>
> On Fri Oct 21 11:23:40 2016 GMT+0200, Kevin M. Gallagher wrote:
>
> I just tried to execute the proof-of-concept on Alpine, and it didn't work
> (the file is supposed to be overwritten). No grsec messages logged, but I
> figure maybe it's not effective under grsecurity for some reason. Still a
> good idea to patch anyway...
>
> On Fri, Oct 21, 2016 at 1:50 AM, Kevin M. Gallagher <kevingallagher@gmail.com> wrote:
>
>
> Great to hear. Thanks a lot, Natanael!
>
> On Fri, Oct 21, 2016 at 1:38 AM, Natanael Copa <ncopa@alpinelinux.org> <ncopa@alpinelinux.org>
> wrote:
>
>
> On Thu, 20 Oct 2016 21:53:03 -0700
> "Kevin M. Gallagher" <kevingallagher@gmail.com> <kevingallagher@gmail.com> wrote:
>
>
> Details:
> http://dirtycow.ninja/https://lkml.org/lkml/2016/10/19/860
>
> Proof of concept:https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c
>
> I'm using Alpine Linux for a time-urgent and security-critical project
> happening this weekend, and would really like to see this fixed.
>
> However,
>
> I'm not familiar with aports or the way you build kernels in Alpine. Is
> anyone available to update the kernel in linux-grsec in the 3.4-stable
> branch and/or backport the patch, sometime soon?
>
>
> Yes. Updated kernels will be available with an hour or two. At least
> for edge and v3.4.
>
> -nc
>
>
>
>  >
>
>
>