Date: Wed, 22 Jun 2016 13:11:51 +0100 From: henrix@...andro.org To: Solar Designer <solar@...nwall.com> Cc: oss-security@...ts.openwall.com Subject: Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ Solar Designer <solar@...nwall.com> writes: > On Fri, Jun 10, 2016 at 02:46:23PM -0700, John Johansen wrote: >> This is a forward notification of a local priv escalation flaw from >> security@...nel.org to the OSS security list. The CRD was for >> 2016-06-08 14:00:00 UTC. Patches attached to the email. >> >> The flaw in eCryptfs was assigned CVE-2016-1583. > > The Project Zero issue is now public: > > https://bugs.chromium.org/p/project-zero/issues/detail?id=836 > > and it includes an exploit, which I've re-attached. (The rest of the > files, including the crasher, were already posted in here by John.) > >> Subject: [PATCH 2/3] ecryptfs: forbid opening files without mmap handler > > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87 > >> Subject: [PATCH 1/3] proc: prevent stacking filesystems on top > > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e54ad7f1ee263ffa5a2de9c609d58dfa27b21cd9 > >> Subject: [PATCH 3/3] sched: panic on corrupted stack end > > Not committed? > Yup, it's committed: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29d6455178a09e1dc340380c582b13356227e8df Cheers, -- Luís > Andy Lutomirski is working on virtually mapped stacks with guard pages > so that kernel stack overflows would be detected: > > http://www.openwall.com/lists/kernel-hardening/2016/06/15/1 > http://www.openwall.com/lists/kernel-hardening/2016/06/20/14 > > Linus wants the 1.5us overhead on task creation to be reduced before > this gets merged: > > http://www.openwall.com/lists/kernel-hardening/2016/06/21/10 > > Alexander > > >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ