lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <202110091158.27436.andreas-stoewing@web.de>
Date:   Sat, 9 Oct 2021 11:58:22 +0000
From:   secret <andreas-stoewing@....de>
To:     linux-kernel@...r.kernel.org
Subject: Unwanted activation of root-processes getting highly activated

Such processes get always activated. But I have never seen them in such
dangerous high activity as described below!

Regards,
Andreas (Gooken)

Date: 08.10.2021

Subject/Betreff: Unwanted activation of root-processes reading and writing out
the whole SSD/harddrive ! / Kernel-5.4.134 (pclos, AppArmor / Tor (OpenSuSE)
usw. etc.: Freigabe von Informationen, Ausführen von Code mit höheren
Privilegien und beliebiger Kommandos in Linux, Erzeugung, Lesen und
Überschreiben beliebiger Dateien

Hi, Greg, dear Linux experts and friends,

this is one of the most dangerous and worst things, Linux can happen!
Refering to the actual kernel 5.4.134 ( now up to the actual version 5.4.151
and higher, additional remark from 10.08.2021), there still is a problem with
unexpectedly activated, highly active root-processes (making the tower-LED
causing readwrites onto harddiscs and making the SSD/harddrive blink serious-
madly hard for about up to 20 minutes). The whole SSD/harddrive seems to get
read out and overwritten!

The unwanted, highly by tor (pclos, mga7) resp. firejail activated kernel-
root-processes are named

kworker/u2:1-kcryptd/253:2 (escpecially this one, CPU: gt; 10%)
kworker/0:1H-kblockd
dmcrypt_write/2 and
jbd2/dm2--8

This occurs since kernel around 5.4.13, whenever I start browsing (with Pale
Moon), activating firejail and tor.

Please patch the kernel-5.4 to prevent it in future!
Regards
Andreas Stöwing (Gooken-producer, Gooken: https://gooken.safe-ws.de/gooken)

Appendix
libapparmor.so.required by firejail (OpenSuSE 15.X) needed by tor (rosa2016.1,
mga7) must be the cause for the activation as much as high activity of some
root-processes!
I have got no other explanation.
Kernel security module apparmor itself got deactivated within the kernel by my
boot-parameters "security=none" and "apparmor=none".

After tor and firejail version got changed from OpenSuSE 15.X to mga7
(firejail) resp. to CentOS el7 (Tor), so that libapparmor.so.1  is not
required anymore, such root-processes did not get activated resp. active too
much!<BR>
But they did appear unexpectedly again in kernel-5.4.151 !
<BR><BR>
So I still await your patches for kernel-5.4.
In my opinion, Linux is killing spy-software and rubbish, if you won&#180;t
patch it !

Regards
Gooken

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ