[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ
From: henrix () camandro ! org
Date: 2016-06-22 12:11:51
Message-ID: 8760t1pgmw.fsf () camandro ! org
[Download RAW message or body]
Solar Designer <solar@openwall.com> writes:
> On Fri, Jun 10, 2016 at 02:46:23PM -0700, John Johansen wrote:
> > This is a forward notification of a local priv escalation flaw from
> > security@kernel.org to the OSS security list. The CRD was for
> > 2016-06-08 14:00:00 UTC. Patches attached to the email.
> >
> > The flaw in eCryptfs was assigned CVE-2016-1583.
>
> The Project Zero issue is now public:
>
> https://bugs.chromium.org/p/project-zero/issues/detail?id=836
>
> and it includes an exploit, which I've re-attached. (The rest of the
> files, including the crasher, were already posted in here by John.)
>
> > Subject: [PATCH 2/3] ecryptfs: forbid opening files without mmap handler
>
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87
>
> > Subject: [PATCH 1/3] proc: prevent stacking filesystems on top
>
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e54ad7f1ee263ffa5a2de9c609d58dfa27b21cd9
>
> > Subject: [PATCH 3/3] sched: panic on corrupted stack end
>
> Not committed?
>
Yup, it's committed:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29d6455178a09e1dc340380c582b13356227e8df
Cheers,
--
Luís
> Andy Lutomirski is working on virtually mapped stacks with guard pages
> so that kernel stack overflows would be detected:
>
> http://www.openwall.com/lists/kernel-hardening/2016/06/15/1
> http://www.openwall.com/lists/kernel-hardening/2016/06/20/14
>
> Linus wants the 1.5us overhead on task creation to be reduced before
> this gets merged:
>
> http://www.openwall.com/lists/kernel-hardening/2016/06/21/10
>
> Alexander
>
>
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic