Patch: http://git.kernel.org/linus/c41d68a513c71e35a14f66d71782d27a79a81ea6
Public exploit: http://seclists.org/fulldisclosure/2010/Sep/268
The grsec patch in hardened-sources-2.6.32-r18 and hardened-sources-2.6.34-r6 addresses this.
Running 2.6.34-r6 fine and stable.
*** Bug 338025 has been marked as a duplicate of this bug. ***
Created attachment 248720: Backported patch for 2.6.34.7
Applies cleanly to a stock 2.6.34.7 tree.
Hunk #1 FAILED at 360.
1 out of 1 hunk FAILED -- saving rejects to file include/linux/compat.h.rej
We need this to apply to -r10, I will look at it tonight after work.
> We need this to apply to -r10, I will look at it tonight after work.
I can't reproduce this failure ...
# ACCEPT_KEYWORDS="~amd64" emerge =gentoo-sources-2.6.34-r10
# cp -a linux-2.6.34-gentoo-r10 linux-2.6.34-gentoo-r10.orig
# cd linux-2.6.34-gentoo-r10
# patch -p1 < ../2.6.34.7_compat_alloc_user_space-incorporate-access_ok.patch
patching file arch/ia64/include/asm/compat.h
patching file arch/mips/include/asm/compat.h
patching file arch/parisc/include/asm/compat.h
patching file arch/powerpc/include/asm/compat.h
patching file arch/s390/include/asm/compat.h
patching file arch/sparc/include/asm/compat.h
patching file arch/x86/include/asm/compat.h
patching file include/linux/compat.h
patching file kernel/compat.c
Also:
# md5sum ../2.6.34.7_compat_alloc_user_space-incorporate-access_ok.patch
15b14e282250beec58b0298091f9a1b9 ../2.6.34.7_compat_alloc_user_space-incorporate-access_ok.patch
I am using genpatches/2.6.34 right from svn. Possibly I have something in there that is not yet in r10. I will have to look at this after work. Real job first.
Created attachment 248808: Patches cleanly against 2.6.34-r10
Adding patch tested to work against 2.6.34-r10
Created attachment 248810: 2.6.34-r10 ebuild using 2.6.34-compat-alloc.patch
Released in gentoo-sources-2.6.34-r11.
For anyone who is concerned that they may have been exposed and subsequently exploited, here is a tool from Ksplice which checks for known backdoors: http://www.ksplice.com/uptrack/cve-2010-3081
Please consult the gentoo linux vulnerability treatment guide if you have further questions regarding the severity, before changing it.
I read it and am unable to fathom how the evaluation can be determined as anything other than A1 (critical) ...
A = System/Common Package
1 = Local privilege escalation: flaw allowing root compromise when you have local access