| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87lghy7eul.fsf@xmission.com>
Date: Tue, 19 Dec 2017 12:27:30 -0600
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Dave Jones <davej@...emonkey.org.uk>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Al Viro <viro@...iv.linux.org.uk>,
Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: proc_flush_task oops
Dave Jones <davej@...emonkey.org.uk> writes:
> On Mon, Dec 18, 2017 at 03:50:52PM -0800, Linus Torvalds wrote:
>
> > But I don't see what would have changed in this area recently.
> >
> > Do you end up saving the seeds that cause crashes? Is this
> > reproducible? (Other than seeing it twoce, of course)
>
> Only clue so far, is every time I'm able to trigger it, the last thing
> the child process that triggers it did, was an execveat.
Is there any chance the excveat might be called from a child thread?
That switching pids between tasks of a process during exec can get a
little bit tricky.
> Telling it to just fuzz execveat doesn't instantly trigger it, so it
> must be a combination of some other syscall. I'll leave a script running
> overnight to see if I can binary search the other syscalls in
> combination with it.
Could we have a buggy syscall that is stomping something?
> One other thing: I said this was rc4, but it was actually rc4 + all the
> x86 stuff from today. There's enough creepy stuff in that pile, that
> I'll try with just plain rc4 tomorrow too.
Eric
Powered by blists - more mailing lists