Date: Sun, 30 Oct 2016 06:35:57 +0100
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2016-5195 test case

Hi Andy,

On Thu, Oct 27, 2016 at 08:35:01AM -0700, Andy Lutomirski wrote:
> I sat on this longer than makes any sense given how easy to reproduce
> CVE-2016-5195 is, but here's a reasonably portable reproducer. It's
> intended to have no side effects, but your mileage may vary.
>
> https://github.com/amluto/vulnerabilities/blob/master/others/CVE-2016-5195/test_CVE-2016-5195.c
>
> This will use /proc/self/mem or ptrace automatically, and it's
> intended to be portable to a wide range of kernels.

Unfortunately, it still didn't work on systems without O_TMPFILE or/and
without a defined PR_SET_PTRACER_ANY. Attached is a slightly more
portable version.

> It's an improved
> version of the test case I originally sent out to distros (oops!).

Why "oops"? Do you mean just the distros vs. linux-distros issue?

It's OK to send reproducers to the [linux-]distros list (the appropriate
one) as long as you intend to make them public shortly after public
disclosure of the issue itself (the earliest of: a few days or when
other public exploits/reproducers show up).

I think for most issues, which are not high impact or/and where
non-trivial pre-conditions need to be met, it makes sense to make the
(non-weaponized) reproducers public right away (on the initial public
disclosure date, along with full vulnerability detail), but occasionally
there will be issues like this where delaying posting the reproducer a
little bit makes sense. It's just that I think you shouldn't have
delayed as much. Ideally, you should have made a posting in here
without the reproducer on the initial public disclosure date (in fact,
that's your responsibility per the [linux-]distros list policy), and as
others made reproducers available within a day, you should have also
posted yours the next day. Just my opinion.

Thank you for your help in handling this issue!

Alexander

Attachments: "test_CVE-2016-5195.c" (text/x-c, 5069 bytes); "test_CVE-2016-5195.c.diff" (text/plain, 740 bytes)