lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Mon, 17 Oct 2022 02:43:29 +0200
From:   Mirsad Goran Todorovac <mirsad.todorovac@....unizg.hr>
To:     LKML <linux-kernel@...r.kernel.org>,
        "regressions@...ts.linux.dev" <regressions@...ts.linux.dev>
Subject: Fwd: BISECT result: 6.0.0-RC kernels trigger Firefox snap bug with
 6.0.0-rc3 through 6.0.0-rc7

On 16. 10. 2022. 22:19, Phillip Lougher wrote:
> On 16/10/2022 20:55, Phillip Lougher wrote:
>>
>> Tracking down bugs of this sort is always a process of elimination,
>> and gathering information to pinpoint the exact circumstances of why
>> it is triggering.
>>
>> Next step is to download the exact snap(s) where the problems are 
>> occurring, as this may provide some insights.
>>
>> I don't run Ubuntu, and I don't use snaps.  Can you provide the
>> download link(s) of the snap(s) that cause problems?  If there's
>> any firefox snaps that don't cause problems those will be useful
>> too.
>>
>
> It appears there's a searchable "Snap Store" https://snapcraft.io,
> but, it doesn't give any download links to the actual snaps which
> is rather annoying.
>
> Does anyone know how to get the download link?  I have not run
> Ubuntu for over 14 years and have absolutely no wish to do so
> now either.
>
> Thanks
>
> Phillip
>
>> You don't mention if there's any errors present in "dmesg" when
>> this happens, and so I'm assuming there aren't any?
>>
>> Phillip

Hi, Phillip,

No, there weren't anynew iterms in dmesg -l err output other than these 
usual ones, common to the situations
where the Firefox in snap is working. Only the kernel version is different.

I have managed to reproduce the situation on AlmaLinux 8.6 by installing 
the snapd rpm and then running
a regular "snap install firefox". NOTE: I had to manually enable 
squashfs kernel module.

Otherwise, the Ubuntu 22.04 Firefox 104.x and 105.0.x snaps are also the 
default Firefox snaps from the snap store.

The only exception is that I used 15+ windows and over 200 tabs in the 
testing case, many multimedia Youtube
channels, Yahoo mail, Outlook mail, and quite a few websites. This 
combination triggers the Verdeen errors very
quickly (only on vulnerable 6.0 kernels, on 5.19.x kernels it works like 
a charm).

Thank you.

It is obvious that the snapd + squashfs + Firefox combination triggers 
the bug under heavy load (both on Ubuntu
22.04 jammy and AlmaLinux 8.6.

Hope this helps.

Optionally, I could send the Firefox list of opened windows and tabs if 
I knew where the snaps store it. With the
/usr/bin/firefox version I knew it.

Kind regards,
Mirsad

--
Mirsad Goran Todorovac
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
-- 
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
The European Union

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ