| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 10 Oct 2021 18:17:24 +0000 From: secret <andreas-stoewing@....de> To: linux-kernel@...r.kernel.org Subject: Unwanted activation of root-processes getting highly activated Hi again, concerns: Kernel-5.4.130 - Kernel-5.4.152 Below problem must have to do with the installation of a new kernel-version. I removed the old kernel(-version) and its modules completely from SSD/harddisk before the system got restarted, so that listed root-processes always act hyperactive whenever Pale Moon (within sandbox firejail and Tor) get started. So this hint might help you to patch the kernel. Regards, Andreas (Gooken) Date: 08.10.2021 Subject/Betreff: Unwanted activation of root-processes reading and writing out the whole SSD/harddrive ! / Kernel-5.4.134 (pclos, AppArmor / Tor (OpenSuSE) usw. etc.: Freigabe von Informationen, Ausführen von Code mit höheren Privilegien und beliebiger Kommandos in Linux, Erzeugung, Lesen und Überschreiben beliebiger Dateien Hi, Greg, dear Linux experts and friends, this is one of the most dangerous and worst things, Linux can happen! Refering to the actual kernel 5.4.134 ( now up to the actual version 5.4.151 and higher, additional remark from 10.08.2021), there still is a problem with unexpectedly activated, highly active root-processes (making the tower-LED causing readwrites onto harddiscs and making the SSD/harddrive blink serious- madly hard for about up to 20 minutes). The whole SSD/harddrive seems to get read out and overwritten! The unwanted, highly by tor (pclos, mga7) resp. firejail activated kernel- root-processes are named kworker/u2:1-kcryptd/253:2 (escpecially this one, CPU: gt; 10%) kworker/0:1H-kblockd dmcrypt_write/2 and jbd2/dm2--8 This occurs since kernel around 5.4.13, whenever I start browsing (with Pale Moon), activating firejail and tor. Please patch the kernel-5.4 to prevent it in future! Regards Andreas Stöwing (Gooken-producer, Gooken: https://gooken.safe-ws.de/gooken) Appendix libapparmor.so.required by firejail (OpenSuSE 15.X) needed by tor (rosa2016.1, mga7) must be the cause for the activation as much as high activity of some root-processes! I have got no other explanation. Kernel security module apparmor itself got deactivated within the kernel by my boot-parameters "security=none" and "apparmor=none". After tor and firejail version got changed from OpenSuSE 15.X to mga7 (firejail) resp. to CentOS el7 (Tor), so that libapparmor.so.1 is not required anymore, such root-processes did not get activated resp. active too much!<BR> But they did appear unexpectedly again in kernel-5.4.151 ! <BR><BR> So I still await your patches for kernel-5.4. In my opinion, Linux is killing spy-software and rubbish, if you won´t patch it ! Regards Gooken
Powered by blists - more mailing lists