From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RqoGx-0006yb-V0 for garchives@archives.gentoo.org; Fri, 27 Jan 2012 16:03:32 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id CDD2FE07C7; Fri, 27 Jan 2012 16:03:13 +0000 (UTC) Received: from atoth.sote.hu (atoth.sote.hu [195.111.75.211]) by pigeon.gentoo.org (Postfix) with ESMTP id 98AEDE0B26 for ; Fri, 27 Jan 2012 16:02:25 +0000 (UTC) Received: from atoth.sote.hu (apache@localhost [127.0.0.1]) by atoth.sote.hu (8.14.5/8.14.5/atoth@atoth.sote.hu) with ESMTP id q0RG2LcK007984 for ; Fri, 27 Jan 2012 17:02:21 +0100 X-DKIM: Sendmail DKIM Filter v2.8.3 atoth.sote.hu q0RG2LcK007984 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=atoth.sote.hu; s=dwokfur; t=1327680143; bh=Cz7vG1Ngihof37hxj0HunzzFrhIgmSY54BxTLbxxR1U=; l=2602; h=Message-ID:In-Reply-To:References:Date:Subject:From:To: MIME-Version:Content-Type:Content-Transfer-Encoding; b=aGh9VneAeMMT90IId4D5700sbiKwQHMMqNV6XqbilNmJcRtq+5RGYkY4quCGbOdi4 9K35PFMatsHo30SdVisEp6NNVUHHnygo2O/RFkHE8ZvBX6yGhYDAi59spWRQxDU5Uw zO8nG/Tn3KAlXoXCJGEN0MgIvcPZZwQIFwbooQco= X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 atoth.sote.hu q0RG2LcK007984 DomainKey-Signature: a=rsa-sha1; s=dwokfur; d=atoth.sote.hu; c=nofws; q=dns; h=x-virus-status:x-virus-scanned:received:message-id: in-reply-to:references:date:subject:from:to:user-agent:mime-version: content-type:content-transfer-encoding:x-priority:importance: x-spam-status:x-spam-checker-version:x-list-milter:x-dcc-wuwien-metrics; b=UpdZrGW0KVvNeK2dcxnKnAO80d6JC/C+ip3r4pJ5yX/vyXHlbRIGOsOIIBwLcXujn mRBlRLrFNUtmdSvSBAwS1PhOG5krXcBj6os+f+UTqdW8cQcn6YKFCCytZFKTg+4OgA+ xhabkychHxbss9OHAnZaFrGwX0D07ohYz54xpdU= X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.97.3 at atoth Received: from 10.97.100.79 (SquirrelMail authenticated user atoth) by atoth.sote.hu with HTTP; Fri, 27 Jan 2012 17:02:21 +0100 Message-ID: In-Reply-To: <4F22A8B6.3010107@opensource.dyc.edu> References: <4F22A8B6.3010107@opensource.dyc.edu> Date: Fri, 27 Jan 2012 17:02:21 +0100 Subject: Re: [gentoo-hardened] Please test hardened-sources 2.6.32-r88 and 3.2.2 From: =?utf-8?B?IlTDs3RoIEF0dGlsYSI=?= To: gentoo-hardened@lists.gentoo.org User-Agent: SquirrelMail/1.4.22 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain;charset=utf-8 X-Priority: 3 (Normal) Importance: Normal X-Spam-Status: No, score=-99.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_50, DKIM_ADSP_ALL,USER_IN_WHITELIST autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on atoth.sote.hu X-List-Milter: local mail X-DCC-wuwien-Metrics: atoth 1290; Body=2 Fuz1=2 Fuz2=2 Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 6528c3ed-d0bd-4af4-bb34-6f858f5c0795 X-Archives-Hash: 70e305135ab05f41e51665f17fa31321 I've just had this one while booting hardened-3.2.1: Jan 27 16:40:29 atoth kernel: vmalloc: allocation failure: 0 bytes Jan 27 16:40:29 atoth kernel: modprobe: page allocation failure: order:0, mode:0x80d2 Jan 27 16:40:29 atoth kernel: Pid: 7460, comm: modprobe Not tainted 3.2.1-hardened #1 Jan 27 16:40:29 atoth kernel: Call Trace: Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90 Jan 27 16:40:29 atoth kernel: [<000a0e1f>] ? warn_alloc_failed+0xbf/0x100 Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90 Jan 27 16:40:29 atoth kernel: [<000c3cc3>] ? __vmalloc_node_range+0x1a3/0= x240 Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90 Jan 27 16:40:29 atoth kernel: [<00637cb5>] ? __mutex_lock_slowpath+0x1a5/0x240 Jan 27 16:40:29 atoth kernel: [<00020b8e>] ? module_alloc+0x7e/0x90 Jan 27 16:40:29 atoth kernel: [<000080d2>] ? match_id.clone.1+0x62/0x90 Jan 27 16:40:29 atoth kernel: [<000728a3>] ? module_alloc_update_bounds_rw+0x13/0x60 Jan 27 16:40:29 atoth kernel: [<000728a3>] ? module_alloc_update_bounds_rw+0x13/0x60 Jan 27 16:40:29 atoth kernel: [<00073196>] ? load_module+0x886/0x1b70 Jan 27 16:40:29 atoth kernel: [<00002c59>] ? __switch_to+0xb9/0x210 Jan 27 16:40:29 atoth kernel: [<000744ca>] ? sys_init_module+0x4a/0x1d0 Jan 27 16:40:29 atoth kernel: [<00010246>] ? switch_to_new_gdt+0x26/0x30 Jan 27 16:40:29 atoth kernel: [<00638d71>] ? syscall_call+0x7/0xb Jan 27 16:40:29 atoth kernel: [<00002c59>] ? __switch_to+0xb9/0x210 Jan 27 16:40:29 atoth kernel: [<00010246>] ? switch_to_new_gdt+0x26/0x30 It's there for every module loading. Even though modules seems to work. Strange. The kernel also didn't logged the first page of dmesg in kernel.log. I don't experience this using hardened-3.1.8. I don't know if it's a known problem. I'll try hardened-3.2.2 later. Thanks: Dw. --=20 dr T=C3=B3th Attila, Radiol=C3=B3gus, 06-20-825-8057 Attila Toth MD, Radiologist, +36-20-825-8057 2012.Janu=C3=A1r 27.(P) 14:37 id=C5=91pontban Anthony G. Basile ezt =C3=AD= rta: > Hi everyone, > > I just added hardened-sources 2.6.32-r88 and 3.2.2 to the tree. They > address CVE-2012-0056. I've tested and they do indeed resist the > exploit. I will be stabilizing them within 24 hours. However, I feel > very uncomfortable doing so because I don't want to trade one set of > problems with another. If anyone has time to test, let me know if you > encounter any issues. > > -- > Anthony G. Basile, Ph. D. > Chair of Information Technology > D'Youville College > Buffalo, NY 14201 > (716) 829-8197 >