Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 22 Jun 2016 13:11:51 +0100
From: henrix@...andro.org
To: Solar Designer <solar@...nwall.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ

Solar Designer <solar@...nwall.com> writes:

> On Fri, Jun 10, 2016 at 02:46:23PM -0700, John Johansen wrote:
>> This is a forward notification of a local priv escalation flaw from
>> security@...nel.org to the OSS security list. The CRD was for
>> 2016-06-08 14:00:00 UTC. Patches attached to the email.
>> 
>> The flaw in eCryptfs was assigned CVE-2016-1583.
>
> The Project Zero issue is now public:
>
> https://bugs.chromium.org/p/project-zero/issues/detail?id=836
>
> and it includes an exploit, which I've re-attached.  (The rest of the
> files, including the crasher, were already posted in here by John.)
>
>> Subject: [PATCH 2/3] ecryptfs: forbid opening files without mmap handler
>
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87
>
>> Subject: [PATCH 1/3] proc: prevent stacking filesystems on top
>
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e54ad7f1ee263ffa5a2de9c609d58dfa27b21cd9
>
>> Subject: [PATCH 3/3] sched: panic on corrupted stack end
>
> Not committed?
>

Yup, it's committed:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29d6455178a09e1dc340380c582b13356227e8df

Cheers,
-- 
Luís

> Andy Lutomirski is working on virtually mapped stacks with guard pages
> so that kernel stack overflows would be detected:
>
> http://www.openwall.com/lists/kernel-hardening/2016/06/15/1
> http://www.openwall.com/lists/kernel-hardening/2016/06/20/14
>
> Linus wants the 1.5us overhead on task creation to be reduced before
> this gets merged:
>
> http://www.openwall.com/lists/kernel-hardening/2016/06/21/10
>
> Alexander
>
>
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ