Date: Wed, 22 Jun 2016 12:28:38 +0300
From: Solar Designer <>
Subject: Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ

On Fri, Jun 10, 2016 at 02:46:23PM -0700, John Johansen wrote:
> This is a forward notification of a local priv escalation flaw from
> to the OSS security list. The CRD was for
> 2016-06-08 14:00:00 UTC. Patches attached to the email.
> The flaw in eCryptfs was assigned CVE-2016-1583.

The Project Zero issue is now public:

and it includes an exploit, which I've re-attached.  (The rest of the
files, including the crasher, were already posted in here by John.)

> Subject: [PATCH 2/3] ecryptfs: forbid opening files without mmap handler

> Subject: [PATCH 1/3] proc: prevent stacking filesystems on top

> Subject: [PATCH 3/3] sched: panic on corrupted stack end

Not committed?

Andy Lutomirski is working on virtually mapped stacks with guard pages
so that kernel stack overflows would be detected:

Linus wants the 1.5us overhead on task creation to be reduced before
this gets merged:


View attachment "exploit-description.txt" of type "text/plain" (11816 bytes)

Download attachment "exploit.tar.gz" of type "application/x-gzip" (6377 bytes)
