devilheart l33t
Joined: 17 Mar 2005 Posts: 848 Location: Villach, Austria
Posted: Mon Oct 24, 2016 12:47 pm
Do we know if kernels 3.X.Y will have a patch? I run version 3.18.25-r1 on some of my nodes due to a proprietary module. I can get an updated version if I pay for it, but maybe I should try to backport those few lines of code...
Buffoon wrote:
> Interesting. Linus said he saw the problem 11 years ago, tried to fix it, but found it too difficult. Now the fix is just a few lines.

Maybe the code evolved in a way that makes the task of writing a patch easier.
fedeliallalinea Administrator
Joined: 08 Mar 2003 Posts: 30884 Location: here
Posted: Mon Oct 24, 2016 12:59 pm
devilheart wrote:
> Do we know if kernels 3.X.Y will have a patch? I run version 3.18.25-r1 on some of my nodes due to a proprietary module. I can get an updated version if I pay for it, but maybe I should try to backport those few lines of code...

Go to kernel.org and read the changelog. These kernels would seem to be patched, but read the changelog first:
Code:
    4.8.4
    4.7.10
    4.4.27
    4.1.34
    3.18.43
    3.16.38
    3.12.66
    3.10.104
    3.4.112
    3.2.83
_________________
Questions are guaranteed in life; Answers aren't.
tazinblack Veteran
Joined: 23 Jan 2005 Posts: 1146 Location: Baden / Germany
Posted: Mon Oct 24, 2016 1:41 pm
Bigun wrote:
> russK wrote:
> > JuNix wrote:
> > > There's no GLSA for it either.
> > Good point. Is this GLSA worthy?
> I would think so. It's in the same vein as Heartbleed or that recent TCP exploit.
As found here https://bugs.gentoo.org/show_bug.cgi?id=597624#c9, there will be no GLSA for this.
_________________
Gruß / Regards
tazinblack
_______________________________________________________
what's the point in being grown up if you can't be childish sometimes
devilheart l33t
Joined: 17 Mar 2005 Posts: 848 Location: Villach, Austria
Posted: Mon Oct 24, 2016 2:22 pm
fedeliallalinea wrote:
> devilheart wrote:
> > Do we know if kernels 3.X.Y will have a patch? I run version 3.18.25-r1 on some of my nodes due to a proprietary module. I can get an updated version if I pay for it, but maybe I should try to backport those few lines of code...
> Go to kernel.org and read the changelog. These kernels would seem to be patched, but read the changelog first:
> Code:
>     4.8.4
>     4.7.10
>     4.4.27
>     4.1.34
>     3.18.43
>     3.16.38
>     3.12.66
>     3.10.104
>     3.4.112
>     3.2.83

Thanks. It seems that 3.18.43 does not have the fix, but it was released on 10 October. 3.16.38, 3.12.66 and 3.10.104 are fixed, so I can wait for 3.18.44, use vanilla sources, or patch the 3.18.43 sources.
EDIT:
3.18.44 was released by upstream and it has the patch, but it is not in the Gentoo tree yet.
Last edited by devilheart on Tue Oct 25, 2016 9:58 am; edited 1 time in total
Zucca Moderator
Joined: 14 Jun 2007 Posts: 3332 Location: Rasi, Finland
Posted: Mon Oct 24, 2016 4:17 pm
Buffoon wrote:
> Interesting. Linus said he saw the problem 11 years ago, tried to fix it, but found it too difficult. Now the fix is just a few lines.

Does anyone have a URL to this discussion? I'd like to read that just out of curiosity.
_________________
..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--
Quote:
> I am NaN! I am a man!
ChrisJumper Advocate
Joined: 12 Mar 2005 Posts: 2390 Location: Germany
Posted: Wed Oct 26, 2016 12:02 am
eccerr0r wrote:
> And yes I should have full rights to root on my own machines. The fact that they are deliberately trying to make it hard or impossible for the machine owner to have root is completely wrong. GRRR!

The good news:
Yes, this bug gives you root access on Android too.
The bad news:
But some devices are vulnerable to the rawhammer attack. And of course all devices, even 6.0.1 with the 5 October patch set, are vulnerable.
But hey, we need a local intruder. I wish my smartphone had a Gentoo OS so that I could compile the fixes before...
Google says the November patches for Android will deliver code that makes it harder but not impossible. WTF? I hope that's just for the rawhammer bug.
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9675 Location: almost Mile High in the USA
Posted: Wed Oct 26, 2016 5:14 am
Do you actually mean "rowhammer" not "rawhammer"? Rowhammer is kind of hard to exploit though easy to trigger. Mainly because it's hardware dependent which bits get flipped, and likely some bits are easier to flip than others - and sometimes you need specific bits to flip to get a privilege escalation. Right now I see it more of a nuisance or simple data corruption but you can't necessarily know what data you're corrupting unless you own all three of the lines hence needing PT and tag data... Of course faking the PTE's and confusing the OS to use them is also possible, but this is also very hard to implement.
This basically is mainly for damaging Oracle data more than rooting a box.
----
And I jumped too soon, 4.4.26 has the Dirty CoW patch (I verified the source) but 4.4.27 came out the next day... sigh...
Another kernel bump or stay at 4.4.26, that is the question...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
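The version juggling in the two posts above (which point release of each stable branch carries the Dirty COW fix, and does `uname -r` on a given node clear it) is easy to get wrong by eye, so here is a small POSIX shell helper, added as an example and not code posted in the thread. The per-branch table is this example's own assumption drawn from the thread (4.4.26 verified in source by eccerr0r, 3.18.44 and the 3.16/3.12/3.10 releases per devilheart; 4.8.4 and 4.7.10 are only the releases listed as "would seem patched", so they are used as conservative bounds); confirm it against the kernel.org changelog before relying on it.

```shell
#!/bin/sh
# Added example, not from the thread: classify a kernel version string such as
# "4.7.6-hardened" against the first release of its stable branch that the thread
# reports as carrying the Dirty COW fix (an assumption; check the kernel.org changelog).
# kver_fields VERSION -> "MAJOR MINOR PATCH"; -gentoo/-hardened/-r1 suffixes are
# dropped and a missing patch level counts as 0.
kver_fields() {
    kf_base=${1%%-*}
    kf_major=${kf_base%%.*}
    kf_rest=${kf_base#*.}
    kf_minor=${kf_rest%%.*}
    case "$kf_rest" in
        *.*) kf_patch=${kf_rest#*.} ;;
        *)   kf_patch=0 ;;
    esac
    kf_patch=${kf_patch%%[!0-9]*}          # keep only the leading digits
    echo "$kf_major $kf_minor ${kf_patch:-0}"
}
# kver_ge A B: succeeds when version A is numerically >= version B, field by field.
kver_ge() {
    set -- $(kver_fields "$1") $(kver_fields "$2")
    [ "$1" -gt "$4" ] && return 0
    [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0
    [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}
# cow_fixed_min VERSION: first release of VERSION's branch with the fix, per the thread.
# 4.8.4 and 4.7.10 are only "would seem patched" entries, hence conservative bounds.
cow_fixed_min() {
    case "$1" in
        4.8.*)  echo 4.8.4 ;;
        4.7.*)  echo 4.7.10 ;;
        4.4.*)  echo 4.4.26 ;;
        3.18.*) echo 3.18.44 ;;
        3.16.*) echo 3.16.38 ;;
        3.12.*) echo 3.12.66 ;;
        3.10.*) echo 3.10.104 ;;
        *) return 1 ;;                     # branch not covered by the thread
    esac
}
# cow_status VERSION: prints fixed, vulnerable or unknown.
cow_status() {
    cs_min=$(cow_fixed_min "$1") || { echo unknown; return 0; }
    if kver_ge "$1" "$cs_min"; then echo fixed; else echo vulnerable; fi
}
# Stand-alone use: classify the kernel this shell is running on.
cow_status "$(uname -r)"
```

A result of "unknown" means the branch is not in the table, not that the kernel is safe; a vendor kernel with a backported fix will also be misreported, since only the version string is examined.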
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
Posted: Wed Oct 26, 2016 11:05 pm
I tried the sample, and it overwrote the passwd command. While monkeying around, I ran the passwd command which admittedly isn't the brightest thing I've ever done.
System went dark, even the console was unresponsive. I reset the box, and of course since /tmp is tmpfs I no longer have my original passwd command.
I should be able to just "emerge -1 sys-apps/shadow", right?
Zucca Moderator
Joined: 14 Jun 2007 Posts: 3332 Location: Rasi, Finland
Posted: Wed Oct 26, 2016 11:26 pm
1clue wrote:
> I should be able to just "emerge -1 sys-apps/shadow", right?

That should do it. equery f shadow | grep bin:
Code:
    /bin
    /bin/groups
    /bin/login
    /bin/passwd
    /bin/su
    /sbin
    /sbin/nologin
    /usr/bin
    /usr/bin/chage
    /usr/bin/chfn
    /usr/bin/chsh
    /usr/bin/expiry
    /usr/bin/faillog
    /usr/bin/gpasswd
    /usr/bin/lastlog
    /usr/bin/newgrp
    /usr/bin/passwd
    /usr/bin/sg
    /usr/sbin
    /usr/sbin/chgpasswd
    /usr/sbin/chpasswd
    /usr/sbin/groupadd
    /usr/sbin/groupdel
    /usr/sbin/groupmems
    /usr/sbin/groupmod
    /usr/sbin/grpck
    /usr/sbin/grpconv
    /usr/sbin/grpunconv
    /usr/sbin/logoutd
    /usr/sbin/newusers
    /usr/sbin/pwck
    /usr/sbin/pwconv
    /usr/sbin/pwunconv
    /usr/sbin/useradd
    /usr/sbin/userdel
    /usr/sbin/usermod
    /usr/sbin/vigr
    /usr/sbin/vipw
... or just pull the binary from your backups.
You have backups? Right?
But really. It's safer to emerge shadow to avoid version conflicts.
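Re-emerging shadow restores the overwritten passwd, but the same situation calls for checking which installed files actually differ from what Portage recorded. The following is an added example, not code from the thread or from Portage: it reads the package database's CONTENTS file (whose "obj" lines record path, md5 and mtime for each installed file) and reports every recorded object that is missing or whose md5 no longer matches. Function names are this example's own; it assumes md5sum is present and that the recorded paths contain no spaces.

```shell
#!/bin/sh
# Added example, not from the thread: compare the files Portage recorded for a
# package (/var/db/pkg/<category>/<pkg-version>/CONTENTS) with what is on disk, so
# an overwritten /usr/bin/passwd is spotted before (or after) re-emerging shadow.
# CONTENTS "obj" lines look like:  obj /usr/bin/passwd <md5> <mtime>
# Assumes md5sum and paths without embedded spaces (sufficient for sys-apps/shadow).

# vdb_check CONTENTS [ROOT]: prints "MISSING <path>" or "MODIFIED <path>" per
# mismatch; returns 0 when every recorded object is intact, 1 otherwise.
vdb_check() {
    vc_bad=0
    while read -r vc_kind vc_path vc_sum vc_mtime; do
        [ "$vc_kind" = obj ] || continue          # dir/sym entries carry no hash
        vc_file="${2:-}$vc_path"
        if [ ! -f "$vc_file" ]; then
            echo "MISSING $vc_path"; vc_bad=1; continue
        fi
        vc_actual=$(md5sum "$vc_file" | cut -d' ' -f1)
        if [ "$vc_actual" != "$vc_sum" ]; then
            echo "MODIFIED $vc_path"; vc_bad=1
        fi
    done < "$1"
    return $vc_bad
}

# shadow_check: run vdb_check over every installed version of sys-apps/shadow.
shadow_check() {
    sc_rc=0
    for sc_dir in /var/db/pkg/sys-apps/shadow-*; do
        [ -f "$sc_dir/CONTENTS" ] || continue     # glob did not match: not Gentoo
        echo "== $sc_dir"
        vdb_check "$sc_dir/CONTENTS" || sc_rc=1
    done
    return $sc_rc
}

shadow_check
```

On a Gentoo system qcheck from app-portage/portage-utils does this same comparison for any package; the version above only needs a POSIX shell and md5sum, and a "MODIFIED" line is the cue to emerge the package again rather than trust the file.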
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9675 Location: almost Mile High in the USA
Posted: Wed Oct 26, 2016 11:35 pm
That sample should have given you a root shell; I'm surprised it crashed your box... Might have to build a VM to play with this a bit.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
Posted: Thu Oct 27, 2016 12:19 am
4.7.6-hardened is affected. I'm trying the patch manually.
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
Posted: Thu Oct 27, 2016 12:20 am
Zucca wrote:
> ... or just pull the binary from your backups.
> You have backups? Right?
> But really. It's safer to emerge shadow to avoid version conflicts.

Yes I have backups, but they don't include system binaries.
Thanks.