Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 5 Jul 2014 01:33:28 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2014-4699: Linux ptrace bug

Thanks for posting this, Andy!

On Fri, Jul 04, 2014 at 02:05:08PM -0700, Andy Lutomirski wrote:
> Upstream commit b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a fixes a
> ptrace bug.

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a

> The exact scope of the bug is somewhat unclear right now.

It's clear that this problem is specific to x86_64, though, and I think
you omitted this detail inadvertently (it is clear from the commit).

> I see no reason why the bug should not be present as far back as Linux
> 2.6.17, but it seems to be difficult to reproduce on old kernels.
> 
> There is some ongoing discussion on linux-distros about the impact and
> applicability of this bug.
> 
> More details and a PoC to follow some time next week.

I think it's OK to hold the PoC, but most discussion of the bug should
move in here.

Thanks again,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ