| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 May 2012 22:00:57 +0200 From: Tavis Ormandy <taviso@...xchg8b.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: The story of the Linux kernel 3.x... Adam Zabrocki <pi3@....com.pl> wrote: > Hi Tavis, > > Don't know why you don't believe me :) Anyway: I don't believe any distribution stock kernel enabled it, because this is just too simple to get wrong. But if they have, we need to find out who enabled it so you can file bugs in the appropriate place. This is why I keep asking you if these are stock kernels or not. If your administrator enabled it, then this is just user error. So...are these stock kernels? If you're not sure, you can do something like: $ rpm -qf /boot/vmlinuz* # So we can see which package owns them $ cat /proc/version # So we can see which image you're booting $ rpm -qi kernel # So we can see who signed it And also the contents of /proc/cmdline and /proc/version (in case your administrator set vdso=2 on the commandline). And whatever the equivalents are for the other distributions. But whatever the results, if you can only reproduce this on kernels with COMPAT_COMPAT_VDSO, then this is a distribution bug and not a generic Linux problem (it's just doing what you asked it to do!). Tavis. -- ------------------------------------- taviso@...xchg8b.com | pgp encrypted mail preferred ------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists