| Summary: | =sys-kernel/hardened-sources-3.6.8 - unable to handle kernel NULL pointer dereference - vsftpd copy_process+0x7ec/0x1110 | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Alexey <al> |
| Component: | [OLD] Core system | Assignee: | The Gentoo Linux Hardened Kernel Team (OBSOLETE) <hardened-kernel+disabled> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | hardened, jaak, kernel, pageexec, spender |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Attachments: | kernel-config | | |

Description
Alexey
2012-12-07 07:47:07 UTC
Created attachment 331726 [details]
kernel-config

(In reply to comment #1)
> Created attachment 331726 [details]
> kernel-config

I think this is a known issue which is why 3.8.6 is off the tree. Can you test 3.7.0 and see if you still hit this. I'm guessing it's gone.

(In reply to comment #2)
> (In reply to comment #1)
> > Created attachment 331726 [details]
> > kernel-config
>
> I think this is a known issue which is why 3.8.6 is off the tree. Can you
> test 3.7.0 and see if you still hit this. I'm guessing it's gone.

Could you please provide more information (or a link) about why 3.6.8 is off the tree? Thanks!

(In reply to comment #3)
> (In reply to comment #2)
> > (In reply to comment #1)
> > > Created attachment 331726 [details]
> > > kernel-config
> >
> > I think this is a known issue which is why 3.8.6 is off the tree. Can you
> > test 3.7.0 and see if you still hit this. I'm guessing it's gone.
>
> Could you please provide more information (or a link) about why 3.6.8 is off
> the tree? Thanks!

Can you test with hardened-sources-3.7.3 and see if this is gone.

I just marked 2.6.32-r170, 3.2.46-r1, 3.9.5 stable. Please test and if this is still an issue reopen.

(In reply to Anthony Basile from comment #5)
> I just marked 2.6.32-r170, 3.2.46-r1, 3.9.5 stable. Please test and if this
> is still an issue reopen.

Can you still please explain and give us a reference about why you think this has been fixed in more recent versions of hardened-sources?

(In reply to Jaak Ristioja from comment #6)
> (In reply to Anthony Basile from comment #5)
> > I just marked 2.6.32-r170, 3.2.46-r1, 3.9.5 stable. Please test and if this
> > is still an issue reopen.
>
> Can you still please explain and give us a reference about why you think
> this has been fixed in more recent versions of hardened-sources?

There are 3 sources to this kernel: vanilla, genpatches and grsec patches. At any given time there are issues with each source causing forward pressure, e.g. right now the 3.8 series is not supported by grsec (look at their site https://grsecurity.net/download_stable.php) and vanilla says don't use anything before 3.8.13 (google for the multiple reasons). Furthermore, grsec/pax team wants to look at their most recent releases. There is no fix to this. I've reopened and I'm cc-ing upstream. They'll probably want you to look at 3.9.7 which I just added to the tree.

yeah, we'd like to know if this is something reproducible on more recent kernels that we support.

(In reply to Jaak Ristioja from comment #6)
> (In reply to Anthony Basile from comment #5)
> > I just marked 2.6.32-r170, 3.2.46-r1, 3.9.5 stable. Please test and if this
> > is still an issue reopen.
>
> Can you still please explain and give us a reference about why you think
> this has been fixed in more recent versions of hardened-sources?

To answer your question more directly, I don't remember the details but at the time I had reports in IRC that 3.6.8 hit a NULL pointer deref. It may have been prometheanfire that told me. This was not reported again upon update to later 3.8.x's.

this was a refcounting bug in some vma->exec_file or similar accounting in grsec that could lead to NULL derefs and was fixed quickly at the time.

(In reply to PaX Team from comment #10)
> this was a refcounting bug in some vma->exec_file or similar accounting in
> grsec that could lead to NULL derefs and was fixed quickly at the time.

@reporter. I'm going to assume following upstream's comment that this bug is gone. Please reopen if you still hit it with the more recent hardened sources on the tree.