From: "Kevin M. Gallagher"
Date: Fri, 21 Oct 2016 09:19:44 -0700
Subject: Re: [alpine-devel] CVE-2016-5195: Local privilege escalation exploit in Linux kernel
To: 7heo <7heo@mail.com>
Cc: alpine-devel@lists.alpinelinux.org, Natanael Copa

Okay, an update. It turns out grsecurity is definitely vulnerable to the flaw, it's just a poor proof-of-concept that would work w/ modifications in order to hit that race more reliably. Glad you guys patched.

Thanks for expediting.

On Oct 21, 2016 3:02 AM, "Kevin Gallagher" wrote:

> Same deal on non-Alpine grsec. Think it's cause of grsec /proc
> restrictions in general, but I don't know a ton about the memory subsystem.
>
> On 10/21/2016 03:00 AM, 7heo wrote:
>
> > Could it be that /proc/self/mem is also not writable in alpine?
> >
> > On Fri Oct 21 11:23:40 2016 GMT+0200, Kevin M. Gallagher wrote:
> >
> > > I just tried to execute the proof-of-concept on Alpine, and it didn't work
> > > (the file is supposed to be overwritten). No grsec messages logged, but I
> > > figure maybe it's not effective under grsecurity for some reason. Still a
> > > good idea to patch anyway...
> > >
> > > On Fri, Oct 21, 2016 at 1:50 AM, Kevin M. Gallagher wrote:
> > >
> > > > Great to hear. Thanks a lot, Natanael!
> > > >
> > > > On Fri, Oct 21, 2016 at 1:38 AM, Natanael Copa wrote:
> > > >
> > > > > On Thu, 20 Oct 2016 21:53:03 -0700
> > > > > "Kevin M. Gallagher" wrote:
> > > > >
> > > > > > Details:
> > > > > >
> > > > > > http://dirtycow.ninja/
> > > > > > https://lkml.org/lkml/2016/10/19/860
> > > > > >
> > > > > > Proof of concept:
> > > > > > https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c
> > > > > >
> > > > > > I'm using Alpine Linux for a time-urgent and security-critical project
> > > > > > happening this weekend, and would really like to see this fixed. However,
> > > > > > I'm not familiar with aports or the way you build kernels in Alpine. Is
> > > > > > anyone available to update the kernel in linux-grsec in the 3.4-stable
> > > > > > branch and/or backport the patch, sometime soon?
> > > > >
> > > > > Yes. Updated kernels will be available within an hour or two. At least
> > > > > for edge and v3.4.
> > > > >
> > > > > -nc
