Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Dirty COW (CVE-2016-5195)
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
mgnut57
Apprentice
Apprentice


Joined: 12 Jan 2008
Posts: 188

PostPosted: Sun Nov 06, 2016 8:25 pm    Post subject: Dirty COW (CVE-2016-5195) Reply with quote

When will a fix for this be in gentoo-sources 4.4.x? The bug https://bugs.gentoo.org/show_bug.cgi?id=597624 doesn't show when the updated ebuild will be released.
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 7051
Location: almost Mile High in the USA

PostPosted: Sun Nov 06, 2016 9:21 pm    Post subject: Reply with quote

Strange, I thought I verified the git commit in 4.4.26 and now it says it's in the vulnerable stage.

I have the stabilized gentoo-sources-4.4.26 installed and it does not seem to be vulnerable.

Code:
subaru:/tmp$ uname -a
Linux subaru 4.4.26-gentoo #1 SMP Sun Oct 23 14:27:44 MDT 2016 x86_64 Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz GenuineIntel GNU/Linux
subaru:/tmp$ cat foo
this is a test
subaru:/tmp$ ls -l foo
-r-----r-- 1 root root 15 Nov  6 14:17 foo
subaru:/tmp$ ./dirtyc0w foo moooooooooooooooooooooooo
mmap 7ff47dd4a000

madvise 0

procselfmem -1794967296

subaru:/tmp$ cat foo
this is a test
subaru:/tmp$


More Gentoo references:

https://forums.gentoo.org/viewtopic-t-1053368-highlight-.html
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
goldfinch
n00b
n00b


Joined: 16 Oct 2015
Posts: 11

PostPosted: Mon Nov 07, 2016 7:46 pm    Post subject: Reply with quote

4.4.26 is fine.

https://bugs.gentoo.org/show_bug.cgi?id=597738

Edit:

Personally, I've updated to 4.4.30 since a couple of patches were removed. Have a look:

http://lwn.net/Articles/705221/
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 7051
Location: almost Mile High in the USA

PostPosted: Mon Nov 07, 2016 8:13 pm    Post subject: Reply with quote

Yeah, I figured that someone made a mistake in the first bug report.

I backported to 4.0.5 on one machine since that was a network facing machine and 4.4.26 was not available at the time, so that's how I verified 4.4.26 indeed had the patch when it came out.

I'm waiting for Gentoo-devs to stabilize another gentoo-sources so I don't go and do an update of all my machines again and again... That 4.0.5 manual patch was enough trouble, then having to recompile all my other machines...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum