Gentoo Archives: gentoo-hardened

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] Security notice regarding hardened-sources
Date: Thu, 16 Sep 2010 21:18:44
Message-Id: 4C9288E2.5010709@gentoo.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi everyone,

All kernels before Sept 14 are vulnerable to the "IA32 Syscall Entry
Point Privilege Escalation"  and "IA32 Emulation Stack Underflow".  See

http://bugs.gentoo.org/show_bug.cgi?id=337645
http://bugs.gentoo.org/show_bug.cgi?id=337659

Also see

https://bugs.gentoo.org/show_bug.cgi?id=326885#c10


As a result, certain configurations of hardened-sources are also
vulnerable.  As a work around until I get the fix into the tree and fast
track stabilization, keep the following in mind:


1) Whether hardened or not, if you don't have CONFIG_IA32_EMULATION, the
exploits fail.


2) If you hide kernel symbols in /proc/kallsyms, the proof-of-concept
code won't work.  You can do that by either not enabling CONFIG_KALLSYMS
on non-hardened kernels, or just set CONFIG_GRKERNSEC_HIDESYM=y on
hardened.

(However, there may still be ways of making the exploit work even
without symbol info.)


3) On hardened systems, if you enable CONFIG_PAX_MEMORY_UDEREF=y, the
exploits fail even with access to symbol info.  If possible, I would
also recommend enabling CONFIG_PAX_KERNEXEC=y.


- -- 
Anthony G. Basile, Ph.D.
Gentoo Developer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkySiOIACgkQl5yvQNBFVTUZzQCeMolKjTKql6/ShNRtYSH/K1DM
thUAmwTJOrYbB1wJ4A+FlPDu78tc55AT
=xfQc
-----END PGP SIGNATURE-----

Replies

Subject Author
[gentoo-hardened] Re: Security notice regarding hardened-sources 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com>