Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 207393 - Proposed hardened-sources-2.6.23-r7 ebuild (CVE-2007-{6206,6434}, CVE-2008-{0007,0009,0010,0600})
Summary: Proposed hardened-sources-2.6.23-r7 ebuild (CVE-2007-{6206,6434}, CVE-2008-{0...
Status: VERIFIED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords: InVCS, SECURITY
Depends on:
Blocks:
 
Reported: 2008-01-25 15:59 UTC by Gordon Malm (RETIRED)
Modified: 2008-02-16 00:37 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
hardened-sources-2.6.23-r7.ebuild (hardened-sources-2.6.23-r7.ebuild,745 bytes, text/plain)
2008-02-11 18:06 UTC, Olivier Huber
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Gordon Malm (RETIRED) gentoo-dev 2008-01-25 15:59:58 UTC
Linux 2.6.23.13 was released on 2008-01-09 with a single serious fix (current software possibly killing hardware) in the w83627ehf hardware monitoring driver.  Atleast one of my machines uses this driver.

Linux 2.6.23.14 was released on 2008-01-14 with a fix for a serious security flaw in the VFS layer.  An attacker could use this flaw to gain access to arbitrary files and possibly gain elevated privileges.

http://www.securityfocus.com/bid/27280/info
http://lwn.net/Articles/265381/


I also want to say thank you hardened team for all your hard work.  I, and others appreciate everything you do to make Hardened Gentoo awesome.  You guys are my rock stars.

Reproducible: Always
Comment 1 Gordon Malm (RETIRED) gentoo-dev 2008-01-25 16:10:39 UTC
Sorry for second post but I forgot to mention.. perhaps this VFS flaw be considered for GLSA as well?  It is about as serious a flaw as can be and everyone is affected.
Comment 2 Gordon Malm (RETIRED) gentoo-dev 2008-01-29 17:17:46 UTC
Thank you for the quick addition to the tree.  I hate to be a bother but is there any plans for a -r7 with the new grsec released Jan 23rd?  It contains a potential fix for a deadlock in the signal logging code.  2.6.24 obviously needs some time to stable & settle so personally, I'm hoping 2.6.23 will get updates for awhile.
Comment 3 Olivier Huber 2008-02-11 18:06:53 UTC
Created attachment 143223 [details]
hardened-sources-2.6.23-r7.ebuild

I try to do it, but I think it need some testing and review.
Comment 4 Kerin Millar 2008-02-11 18:43:22 UTC
I was notified of this bug just as I was about to file something similar!

Here's my offering: http://confucius.dh.bytemark.co.uk/~kerin.millar/

Changes:

* Bump to genpatches-base-2.6.23-9
* Ported grsecurity-2.1.11-2.6.23.14-200801231800 to 2.6.23.15
* Disables COMPAT_VDSO in x86/defconfig
* Removes bogus symbols ACPI_SLEEP_PROC_(FS|SLEEP) from x86_64/defconfig

Fixes (relative to 2.6.23-r6):

* CVE-2007-{6206,6434}
* CVE-2008-{0007,0009,0010,0600}

The port of grsecurity was straight forward except for a few hunks in mm/mmap.c. For that I used the upstream PaX patch that's in testing for 2.6.24 as guidance. One difference I observed between my patch and Olivier's is that, in mine, the call to security_file_mmap() takes precedence in expand_downwards() as this is how it is implemented in the 2.6.24 patch.

Working for me so far:

Linux spoiler 2.6.23-hardened-r7 #1 SMP Mon Feb 11 11:24:33 GMT 2008 x86_64 Dual-Core AMD Opteron(tm) Processor 2212 HE AuthenticAMD GNU/Linux

... but not heavily tested as of yet.
Comment 5 Olivier Huber 2008-02-11 19:15:24 UTC
> The port of grsecurity was straight forward except for a few hunks in
> mm/mmap.c. For that I used the upstream PaX patch that's in testing for 2.6.24
> as guidance. One difference I observed between my patch and Olivier's is that,
> in mine, the call to security_file_mmap() takes precedence in
> expand_downwards() as this is how it is implemented in the 2.6.24 patch.
 
I think you're right : I had no clue whether it should be before or after. Nice work ;)

Bug closed ?
Comment 6 solar (RETIRED) gentoo-dev 2008-02-11 19:42:06 UTC
(In reply to comment #4)
> I was notified of this bug just as I was about to file something similar!
> 
> Here's my offering: http://confucius.dh.bytemark.co.uk/~kerin.millar/
> 
> Changes:
> 
> * Bump to genpatches-base-2.6.23-9
> * Ported grsecurity-2.1.11-2.6.23.14-200801231800 to 2.6.23.15
> * Disables COMPAT_VDSO in x86/defconfig
> * Removes bogus symbols ACPI_SLEEP_PROC_(FS|SLEEP) from x86_64/defconfig
> 
> Fixes (relative to 2.6.23-r6):
> 
> * CVE-2007-{6206,6434}
> * CVE-2008-{0007,0009,0010,0600}
> 
> The port of grsecurity was straight forward except for a few hunks in
> mm/mmap.c. For that I used the upstream PaX patch that's in testing for 2.6.24
> as guidance. One difference I observed between my patch and Olivier's is that,
> in mine, the call to security_file_mmap() takes precedence in
> expand_downwards() as this is how it is implemented in the 2.6.24 patch.
> 
> Working for me so far:
> 
> Linux spoiler 2.6.23-hardened-r7 #1 SMP Mon Feb 11 11:24:33 GMT 2008 x86_64
> Dual-Core AMD Opteron(tm) Processor 2212 HE AuthenticAMD GNU/Linux
> 
> ... but not heavily tested as of yet.
>

this is in the tree as of 5 mins ago. Now it can be closed.
Thanks Kerin and others..

Comment 7 Kerin Millar 2008-02-15 21:03:34 UTC
Closing as 2.6.23-r7 has been keyworded stable. Anyone interested in the next release may wish to refer to bug 210026.
Comment 8 Kerin Millar 2008-02-16 00:37:33 UTC
My apologies, my last comment was erroneous in that 2.6.23-r7 has only been
marked stable on amd64.