1 |
On Tue, Oct 25, 2016 at 07:38:01PM +0200, Miroslav Rovis wrote: |
2 |
> Sorry about noticing your reply only now. |
3 |
> |
4 |
> Namely, thinking that people over at hardened ML would tell more about |
5 |
> it, I indirectly initiated a thread over at hardened ML: |
6 |
> https://archives.gentoo.org/gentoo-hardened/message/09bbf3bfe59a938f11ac044e891db77e |
7 |
> |
8 |
> Will surely check it! And am CC'ing hardened about this patch at the |
9 |
> hardened ML. Maybe they patch and forward the 4.4.8-r1 to 4.4.8-r2 . |
10 |
> --- |
11 |
> Only now looked at the patch. |
12 |
> |
13 |
> No, you don't get it. And I'm not CC'ing this to hardened ML. |
14 |
> |
15 |
> You can't just run the patch for a vanilla kernel onto a |
16 |
> grsecurity-patched kernel. Look up the hardened-sources, and how they |
17 |
> are patched, and what the mm.h and the gup.c in question (there are a |
18 |
> few of so named files in various directories) look in the |
19 |
> hardened-sources, and how they look in the vanilla-sources... |
20 |
|
21 |
fernan@navi /usr/src/linux-4.4.8-hardened-r1 $ sudo patch -p1 < /home/fernan/dirtycow.patch |
22 |
patching file include/linux/mm.h |
23 |
Hunk #1 succeeded at 2131 (offset 19 lines). |
24 |
patching file mm/gup.c |
25 |
Hunk #3 succeeded at 357 (offset -5 lines). |
26 |
|
27 |
It works so I guess you can. Never say you can't do something before |
28 |
trying cause then you look like an idiot. |
29 |
|
30 |
And the patch says which are the files in question! |
31 |
|
32 |
> |
33 |
> If I'm not mistaken, and I did check it. No, I'm not mistaken, you just |
34 |
> sent me the Linus's patch. |
35 |
|
36 |
Yes you are mistaken, cause if you've tried it you wouldb't be asking |
37 |
the question. And yes, that is Linus patch. |
38 |
|
39 |
> |
40 |
> No, wrong. But thanks for trying to help! |
41 |
> |
42 |
> On 161025-13:16-0400, Fernando Rodriguez wrote: |
43 |
> > On Tue, Oct 25, 2016 at 07:11:54AM +0200, Miroslav Rovis wrote: |
44 |
> > > On 161021-11:04-0400, Rich Freeman wrote: |
45 |
> > > > On Fri, Oct 21, 2016 at 10:49 AM, Mick <michaelkintzios@×××××.com> wrote: |
46 |
> > > > > https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails |
47 |
> > > > |
48 |
> > > > Not yet: |
49 |
> > > > https://bugs.gentoo.org/show_bug.cgi?id=597624 |
50 |
> > > > |
51 |
> > > |
52 |
> > > We are talking grsecurity-patched (kind of stable[*]) kernel sources, |
53 |
> > > the =sys-kernel/hardened-sources-4.4.8-r1 package [**]. |
54 |
> > > |
55 |
> > > I read most of the discussion, and I could easily patch the gup.c and |
56 |
> > > mm.h in question, but those files need to be patched before application |
57 |
> > > of the grsecurity patch, and that is a little more complex work. |
58 |
> > |
59 |
> > Did you tried it? |
60 |
> > The patch attached comes straight from the git repo, just run: |
61 |
> > |
62 |
> > # cd /usr/src/linux |
63 |
> > # patch -p1 < path/to/patch |
64 |
> > |
65 |
> > It'll likely work. |
66 |
> > |
67 |
> > > |
68 |
> > > Has anybody done this, as I have limited time available to practice user |
69 |
> > > patching (which in its simplest form, I was able to do here: |
70 |
> > > >=dev-libs/nss-3.24 - Add USE flag to enable SSL key |
71 |
> > > https://bugs.gentoo.org/show_bug.cgi?id=587116#c2 ), in case it can be |
72 |
> > > done with user patching, of course. |
73 |
> > > |
74 |
> > > Anyone? |
75 |
> > > |
76 |
> > > Regards! |
77 |
> > > --- |
78 |
> > > [*] kind of stable, because there are, since about 1 yrs ago, only |
79 |
> > > testing kernel available for the non-paying users ;-( |
80 |
> > > |
81 |
> > > [**] I have to use 4.4.8.r1 because recent kernel all crash with libirt |
82 |
> > > and qemu which I am trying to use: |
83 |
> > > https://bugs.gentoo.org/show_bug.cgi?id=597554 |
84 |
> > > -- |
85 |
> > > Miroslav Rovis |
86 |
> > > Zagreb, Croatia |
87 |
> > > http://www.CroatiaFidelis.hr |
88 |
> > |
89 |
> > |
90 |
> > |
91 |
> > -- |
92 |
> > Fernando Rodriguez |
93 |
> |
94 |
> > commit 1294d355881cc5c3421d24fee512f16974addb6c |
95 |
> > Author: Linus Torvalds <torvalds@××××××××××××××××.org> |
96 |
> > Date: Thu Oct 13 13:07:36 2016 -0700 |
97 |
> > |
98 |
> > mm: remove gup_flags FOLL_WRITE games from __get_user_pages() |
99 |
> > |
100 |
> ... |
101 |
> |
102 |
> Thanks for trying to help! Regards! |
103 |
> -- |
104 |
> Miroslav Rovis |
105 |
> Zagreb, Croatia |
106 |
> http://www.CroatiaFidelis.hr |
107 |
|
108 |
|
109 |
|
110 |
-- |
111 |
Fernando Rodriguez |