| 1 |
Sorry about noticing your reply only now. |
| 2 |
|
| 3 |
Namely, thinking that people over at hardened ML would tell more about |
| 4 |
it, I indirectly initiated a thread over at hardened ML: |
| 5 |
https://archives.gentoo.org/gentoo-hardened/message/09bbf3bfe59a938f11ac044e891db77e |
| 6 |
|
| 7 |
Will surely check it! And am CC'ing hardened about this patch at the |
| 8 |
hardened ML. Maybe they patch and forward the 4.4.8-r1 to 4.4.8-r2 . |
| 9 |
--- |
| 10 |
Only now looked at the patch. |
| 11 |
|
| 12 |
No, you don't get it. And I'm not CC'ing this to hardened ML. |
| 13 |
|
| 14 |
You can't just run the patch for a vanilla kernel onto a |
| 15 |
grsecurity-patched kernel. Look up the hardened-sources, and how they |
| 16 |
are patched, and what the mm.h and the gup.c in question (there are a |
| 17 |
few of so named files in various directories) look in the |
| 18 |
hardened-sources, and how they look in the vanilla-sources... |
| 19 |
|
| 20 |
If I'm not mistaken, and I did check it. No, I'm not mistaken, you just |
| 21 |
sent me the Linus's patch. |
| 22 |
|
| 23 |
No, wrong. But thanks for trying to help! |
| 24 |
|
| 25 |
On 161025-13:16-0400, Fernando Rodriguez wrote: |
| 26 |
> On Tue, Oct 25, 2016 at 07:11:54AM +0200, Miroslav Rovis wrote: |
| 27 |
> > On 161021-11:04-0400, Rich Freeman wrote: |
| 28 |
> > > On Fri, Oct 21, 2016 at 10:49 AM, Mick <michaelkintzios@×××××.com> wrote: |
| 29 |
> > > > https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails |
| 30 |
> > > |
| 31 |
> > > Not yet: |
| 32 |
> > > https://bugs.gentoo.org/show_bug.cgi?id=597624 |
| 33 |
> > > |
| 34 |
> > |
| 35 |
> > We are talking grsecurity-patched (kind of stable[*]) kernel sources, |
| 36 |
> > the =sys-kernel/hardened-sources-4.4.8-r1 package [**]. |
| 37 |
> > |
| 38 |
> > I read most of the discussion, and I could easily patch the gup.c and |
| 39 |
> > mm.h in question, but those files need to be patched before application |
| 40 |
> > of the grsecurity patch, and that is a little more complex work. |
| 41 |
> |
| 42 |
> Did you tried it? |
| 43 |
> The patch attached comes straight from the git repo, just run: |
| 44 |
> |
| 45 |
> # cd /usr/src/linux |
| 46 |
> # patch -p1 < path/to/patch |
| 47 |
> |
| 48 |
> It'll likely work. |
| 49 |
> |
| 50 |
> > |
| 51 |
> > Has anybody done this, as I have limited time available to practice user |
| 52 |
> > patching (which in its simplest form, I was able to do here: |
| 53 |
> > >=dev-libs/nss-3.24 - Add USE flag to enable SSL key |
| 54 |
> > https://bugs.gentoo.org/show_bug.cgi?id=587116#c2 ), in case it can be |
| 55 |
> > done with user patching, of course. |
| 56 |
> > |
| 57 |
> > Anyone? |
| 58 |
> > |
| 59 |
> > Regards! |
| 60 |
> > --- |
| 61 |
> > [*] kind of stable, because there are, since about 1 yrs ago, only |
| 62 |
> > testing kernel available for the non-paying users ;-( |
| 63 |
> > |
| 64 |
> > [**] I have to use 4.4.8.r1 because recent kernel all crash with libirt |
| 65 |
> > and qemu which I am trying to use: |
| 66 |
> > https://bugs.gentoo.org/show_bug.cgi?id=597554 |
| 67 |
> > -- |
| 68 |
> > Miroslav Rovis |
| 69 |
> > Zagreb, Croatia |
| 70 |
> > http://www.CroatiaFidelis.hr |
| 71 |
> |
| 72 |
> |
| 73 |
> |
| 74 |
> -- |
| 75 |
> Fernando Rodriguez |
| 76 |
|
| 77 |
> commit 1294d355881cc5c3421d24fee512f16974addb6c |
| 78 |
> Author: Linus Torvalds <torvalds@××××××××××××××××.org> |
| 79 |
> Date: Thu Oct 13 13:07:36 2016 -0700 |
| 80 |
> |
| 81 |
> mm: remove gup_flags FOLL_WRITE games from __get_user_pages() |
| 82 |
> |
| 83 |
... |
| 84 |
|
| 85 |
Thanks for trying to help! Regards! |
| 86 |
-- |
| 87 |
Miroslav Rovis |
| 88 |
Zagreb, Croatia |
| 89 |
http://www.CroatiaFidelis.hr |
Archives