| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Jun 2014 14:35:03 -0700
From: Andy Lutomirski <luto@...capital.net>
To: Richard Weinberger <richard@....at>,
"H. Peter Anvin" <hpa@...or.com>, X86 ML <x86@...nel.org>
Cc: Toralf Förster <toralf.foerster@....de>,
Eric Paris <eparis@...hat.com>,
Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: 3.15: kernel BUG at kernel/auditsc.c:1525!
[cc: hpa, x86 list]
On Mon, Jun 16, 2014 at 1:43 PM, Richard Weinberger <richard@....at> wrote:
> Am 16.06.2014 22:41, schrieb Toralf Förster:
>> Well, might be the mail:subject should be adapted, b/c the issue can be triggered in a 3.13.11 kernel too.
>> Unfortunately it does not appear within an UML guest, therefore an automated bisecting isn't possible I fear.
>
> You could try KVM. :)
Before you do that, just to clarify:
What bitness is your kernel? That is, are you on 32-bit or 64-bit kernel?
What bitness is your test case? 'file a.out' will say.
What does /proc/cpuinfo say in flags?
Can you try the attached patch? It's only compile-tested.
To hpa, etc: It appears that entry_32.S is missing any call to the
audit exit hook on the badsys path. If I'm diagnosing this bug report
correctly, this causes OOPSes.
The the world at large: it's increasingly apparent that no one (except
maybe the blackhats) has ever scrutinized the syscall auditing code.
This is two old severe bugs in the code that have probably been there
for a long time.
--Andy
--
Andy Lutomirski
AMA Capital Management, LLC
View attachment "0001-x86_32-entry-Fix-badsys-paths.patch" of type "text/x-patch" (1582 bytes)
Powered by blists - more mailing lists