Message-ID: <20130901185038.GA11714@amd.pavel.ucw.cz>
Date:	Sun, 1 Sep 2013 20:50:38 +0200
From:	Pavel Machek <pavel@....cz>
To:	Gustavo Padovan <gustavo@...ovan.org>, marcel@...tmann.org,
	johan.hedberg@...il.com, linux-bluetooth@...r.kernel.org,
	kernel list <linux-kernel@...r.kernel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	security@...nel.org
Subject: 3.11-final plan: unpriviledged user can crash the kernel (using
 bluetooth rfcomm)

Hi!

> > On Sat 2013-08-31 12:14:51, Pavel Machek wrote:
> > > On Sat 2013-08-31 12:09:33, Pavel Machek wrote:
> > > > Hi!
> > > > 
> > > > > . Python sources for client/server are at 
> > > > > 
> > > > > http://tui.cvs.sourceforge.net/viewvc/tui/tui/liveview/
> > > > > 
> > > > > . My kernels like to warn about
> > > > System is debian stable with gnome2.
> > > 
> > > And no, it is not fixed in 3.11-rc7.
> > 
> > 2.6.32-5-686 from debian seems to work.
> 
> Could you try linux-next? We recently pushed a rework of the RFCOMM tty
> handling, it should fix this. The work was too big to be pushed to 3.11

So... In 3.11 an unprivileged user can crash the kernel, but the fix is
too big, so we release it without the fix?

Somehow, I don't think that's a good idea.

Do you have an idea what the impact is? Is it crash-the-kernel or
execute-arbitrary-code?

What about:

a) marking CONFIG_RFCOMM as dangerous in the help text. I just
checked, the help text makes it sound like a good thing.

(joke) b) renaming CONFIG_RFCOMM to CONFIG_LET_USER_CRASH_KERNEL

or better yet:

c) removing the CONFIG_RFCOMM option in affected releases? I know
regressions are bad, but...

Multiuser desktops are not too common these days, but all the
Android cellphones are "multiuser"...

Plus note that the bug is so easy to trigger that I hit it in the first
minute trying to get a non-malicious application to run.

[3.10 seems also affected.]
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html