Date: Wed, 28 May 2014 15:30:04 -0700
From: Andy Lutomirski <luto@...capital.net>
To: Greg KH <greg@...ah.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE request: Linux kernel DoS with syscall auditing

On Wed, May 28, 2014 at 3:03 PM, Greg KH <greg@...ah.com> wrote:
> On Wed, May 28, 2014 at 02:51:16PM -0700, Andy Lutomirski wrote:
>> On Wed, May 28, 2014 at 2:53 PM, Greg KH <greg@...ah.com> wrote:
>> > On Wed, May 28, 2014 at 02:45:59PM -0700, Andy Lutomirski wrote:
>> >> Issuing a system call with a random large number will OOPS, depending
>> >> on configuration. A configuration that will enable this bug is:
>> >>
>> >> # auditctl -a exit,always -S open
>> >>
>> >> No privilege whatsoever is required to trigger the OOPS.
>> >>
>> >> It's possible that this can be extended to more than just a DoS --
>> >> with some care and willingness to exploit timing attacks, this is a
>> >> read of arbitrary single bits in kernel memory.
>> >
>> > Is there a kernel fix for this anywhere?
>>
>> No, but there will be soon.
>
> Great, I see the thread on lkml now, thanks for the heads up.
>
>> The correct fix is, IMO, CONFIG_AUDITSYSCALL=n. That code is garbage.
>
> No argument from me there...

Patch here:

https://lkml.kernel.org/g/<833bd6cb411ad1d4e293629c6c34c4abca27a840.1401315521.git.luto@...capital.net>

it's not the best-tested thing in the world.

--Andy