lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAJKzgVtzD7ULwCDVRSLMCmGJNaMqvx+jVO619t3xuv2oiEsPMQ@mail.gmail.com>
Date:   Tue, 19 Nov 2019 10:37:44 +0530
From:   Bala S <balas2380@...il.com>
To:     mhocko@...nel.org
Cc:     linux-kernel@...r.kernel.org, linux-api@...r.kernel.org
Subject: Suggested Patch is not working for 22851 Bugzilla issue

Hi Mhocko,

https://sourceware.org/bugzilla/show_bug.cgi?id=22851
For the above issue, I have found the patch.

Patch link:
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1561935.html

Only change i noticed is 'MAP_FIXED_NOREPLACE' is used instead of
'MAP_FIXED_SAFE'.

I ran test case on the following targets with this patch:

1. For X86-64, Still i could see the reported issue( 'libevil.so' just
runs ‘cat /etc/passwd')

2. For MIPS-64, i am not seeing the malicious file content as
reported. But ‘ldd’ could not found ‘libevil.so’.

root@...umips64:~/LIN1019-1806# ldd ./main
        linux-vdso.so.1 (0x000000fff1f20000)
        libevil.so => not found
        libc.so.6 => /lib/libc.so.6 (0x0000005e46f70000)
        /lib/ld.so.1 (0x000000fff7888000)

I am not clear why this patch is not working for X86-64? But it is
working for MIPS-64 with some issue.
Please let me know, if anything is pending on this patch for the reported issue.

Thanks,
Bala

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ