[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ
From:       henrix () camandro ! org
Date:       2016-06-22 12:11:51
Message-ID: 8760t1pgmw.fsf () camandro ! org
[Download RAW message or body]

Solar Designer <solar@openwall.com> writes:

> On Fri, Jun 10, 2016 at 02:46:23PM -0700, John Johansen wrote:
> > This is a forward notification of a local priv escalation flaw from
> > security@kernel.org to the OSS security list. The CRD was for
> > 2016-06-08 14:00:00 UTC. Patches attached to the email.
> > 
> > The flaw in eCryptfs was assigned CVE-2016-1583.
> 
> The Project Zero issue is now public:
> 
> https://bugs.chromium.org/p/project-zero/issues/detail?id=836
> 
> and it includes an exploit, which I've re-attached.  (The rest of the
> files, including the crasher, were already posted in here by John.)
> 
> > Subject: [PATCH 2/3] ecryptfs: forbid opening files without mmap handler
> 
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87
>  
> > Subject: [PATCH 1/3] proc: prevent stacking filesystems on top
> 
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e54ad7f1ee263ffa5a2de9c609d58dfa27b21cd9
>  
> > Subject: [PATCH 3/3] sched: panic on corrupted stack end
> 
> Not committed?
> 

Yup, it's committed:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29d6455178a09e1dc340380c582b13356227e8df


Cheers,
-- 
Luís

> Andy Lutomirski is working on virtually mapped stacks with guard pages
> so that kernel stack overflows would be detected:
> 
> http://www.openwall.com/lists/kernel-hardening/2016/06/15/1
> http://www.openwall.com/lists/kernel-hardening/2016/06/20/14
> 
> Linus wants the 1.5us overhead on task creation to be reduced before
> this gets merged:
> 
> http://www.openwall.com/lists/kernel-hardening/2016/06/21/10
> 
> Alexander
> 
> 
> 


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic