Message-ID: <4C9288E2.5010709@gentoo.org>
Date: Thu, 16 Sep 2010 17:15:14 -0400
From: "Anthony G. Basile"
To: gentoo-hardened@lists.gentoo.org
Subject: [gentoo-hardened] Security notice regarding hardened-sources

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everyone,

All kernels before Sept 14 are vulnerable to the "IA32 Syscall Entry Point
Privilege Escalation" and "IA32 Emulation Stack Underflow".

See
  http://bugs.gentoo.org/show_bug.cgi?id=337645
  http://bugs.gentoo.org/show_bug.cgi?id=337659

Also see https://bugs.gentoo.org/show_bug.cgi?id=326885#c10

As a result, certain configurations of hardened-sources are also vulnerable.
As a workaround until I get the fix into the tree and fast track
stabilization, keep the following in mind:

1) Whether hardened or not, if you don't have CONFIG_IA32_EMULATION, the
   exploits fail.

2) If you hide kernel symbols in /proc/kallsyms, the proof-of-concept code
   won't work. You can do that by either not enabling CONFIG_KALLSYMS on
   non-hardened kernels, or just set CONFIG_GRKERNSEC_HIDESYM=y on hardened.
   (However, there may still be ways of making the exploit work even without
   symbol info.)

3) On hardened systems, if you enable CONFIG_PAX_MEMORY_UDEREF=y, the
   exploits fail even with access to symbol info.

If possible, I would also recommend enabling CONFIG_PAX_KERNEXEC=y.

-- 
Anthony G. Basile, Ph.D.
Gentoo Developer

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkySiOIACgkQl5yvQNBFVTUZzQCeMolKjTKql6/ShNRtYSH/K1DM
thUAmwTJOrYbB1wJ4A+FlPDu78tc55AT
=xfQc
-----END PGP SIGNATURE-----
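The three workaround items above can be checked mechanically against a kernel config. The script below is an added example, not part of the notice or of hardened-sources: it reads a .config file (for instance /usr/src/linux/.config, or the output of `zcat /proc/config.gz` saved to a file), applies the notice's logic in order (no IA32 emulation, then UDEREF, then hidden symbols) and prints one status word per file. The function names and the sample configs at the bottom are this example's own constructions; the KERNEXEC check reflects the notice's extra recommendation rather than a fourth workaround.

```shell
#!/bin/sh
# Added example, not code from the original mail: audit a kernel .config
# against the workarounds in the gentoo-hardened notice. Function names
# and the sample configs below are constructed for this example.

# Print the value of CONFIG option $2 in config file $1:
# "y", "m", "n" (absent or "# ... is not set"), or the literal value.
config_value() {
    line=$(grep -E "^(# )?$2[= ]" "$1" | tail -n 1)
    case "$line" in
        "$2=y")                 echo y ;;
        "$2=m")                 echo m ;;
        "# $2 is not set" | "") echo n ;;
        *)                      echo "${line#*=}" ;;
    esac
}

# Apply the notice's three items, most conclusive first, and print one word:
#   safe-no-ia32 - item 1: CONFIG_IA32_EMULATION off, the exploits fail
#   safe-uderef  - item 3: CONFIG_PAX_MEMORY_UDEREF=y, fail even with symbols
#   partial      - item 2 only: symbols hidden, PoC fails, but the notice
#                  warns other ways to exploit may still exist
#   vulnerable   - IA32 emulation on, symbols exposed, no UDEREF
assess_config() {
    cfg=$1
    if [ "$(config_value "$cfg" CONFIG_IA32_EMULATION)" != y ]; then
        echo safe-no-ia32; return 0
    fi
    if [ "$(config_value "$cfg" CONFIG_PAX_MEMORY_UDEREF)" = y ]; then
        echo safe-uderef; return 0
    fi
    if [ "$(config_value "$cfg" CONFIG_GRKERNSEC_HIDESYM)" = y ] ||
       [ "$(config_value "$cfg" CONFIG_KALLSYMS)" != y ]; then
        echo partial; return 0
    fi
    echo vulnerable
}

# Print "yes" when IA32 emulation is still on but the notice's extra
# recommendation (CONFIG_PAX_KERNEXEC=y) is not met, "no" otherwise.
kernexec_missing() {
    cfg=$1
    if [ "$(config_value "$cfg" CONFIG_IA32_EMULATION)" = y ] &&
       [ "$(config_value "$cfg" CONFIG_PAX_KERNEXEC)" != y ]; then
        echo yes
    else
        echo no
    fi
}

# One report line per config file.
report() {
    printf '%s: %s (KERNEXEC missing: %s)\n' \
        "$1" "$(assess_config "$1")" "$(kernexec_missing "$1")"
}

# --- constructed sample configs (not real kernel configs) ---
SAMPLE_DIR=$(mktemp -d)
SAMPLE_VULN="$SAMPLE_DIR/vulnerable.config"
SAMPLE_HIDESYM="$SAMPLE_DIR/hidesym.config"
SAMPLE_UDEREF="$SAMPLE_DIR/uderef.config"
SAMPLE_NOIA32="$SAMPLE_DIR/noia32.config"

cat > "$SAMPLE_VULN" <<'EOF'
CONFIG_IA32_EMULATION=y
CONFIG_KALLSYMS=y
# CONFIG_GRKERNSEC_HIDESYM is not set
# CONFIG_PAX_MEMORY_UDEREF is not set
# CONFIG_PAX_KERNEXEC is not set
EOF

cat > "$SAMPLE_HIDESYM" <<'EOF'
CONFIG_IA32_EMULATION=y
CONFIG_KALLSYMS=y
CONFIG_GRKERNSEC_HIDESYM=y
# CONFIG_PAX_MEMORY_UDEREF is not set
EOF

cat > "$SAMPLE_UDEREF" <<'EOF'
CONFIG_IA32_EMULATION=y
CONFIG_KALLSYMS=y
CONFIG_GRKERNSEC_HIDESYM=y
CONFIG_PAX_MEMORY_UDEREF=y
CONFIG_PAX_KERNEXEC=y
EOF

cat > "$SAMPLE_NOIA32" <<'EOF'
# CONFIG_IA32_EMULATION is not set
CONFIG_KALLSYMS=y
EOF

for f in "$SAMPLE_VULN" "$SAMPLE_HIDESYM" "$SAMPLE_UDEREF" "$SAMPLE_NOIA32"; do
    report "$f"
done
```

To audit a real system, call `report /usr/src/linux/.config` (or a file written from `zcat /proc/config.gz`) in place of the sample loop. The order of checks matters: UDEREF is tested before the symbol checks because the notice states that item 3 defeats the exploits even when symbols are readable, whereas item 2 only stops the published proof-of-concept.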