Open Source and information security mailing list archives
 
Date:   Sun, 10 Oct 2021 18:23:17 +0000
From:   secret <andreas-stoewing@....de>
To:     linux-kernel@...r.kernel.org
Subject: Unwanted activation of root-processes getting highly activated

Hi again,

concerns: Kernel-5.4.130 - Kernel-5.4.152

The problem below must have to do with the installation of a new kernel-version.

I removed the old kernel(-version) and its modules completely from
SSD/harddisk, before the system got restarted, so that listed root-processes
always act hyperactive whenever Pale Moon (within sandbox firejail and Tor)
gets started.

So this might be a good hint for the belonging patch of this kernel.

Regards,
Andreas
(Gooken)

Date: 08.10.2021

Subject: Unwanted activation of root-processes reading and writing out
the whole SSD/harddrive ! / Kernel-5.4.134 (pclos, AppArmor / Tor (OpenSuSE)
etc.: disclosure of information, execution of code with elevated
privileges and of arbitrary commands in Linux, creation, reading and
overwriting of arbitrary files

Hi, Greg, dear Linux experts and friends,

this is one of the most dangerous and worst things that can happen to Linux!
Referring to the actual kernel 5.4.134 (now up to the actual version 5.4.151
and higher, additional remark from 10.08.2021), there still is a problem with
unexpectedly activated, highly active root-processes (making the tower-LED
causing readwrites onto harddiscs and making the SSD/harddrive blink serious-
madly hard for about up to 20 minutes). The whole SSD/harddrive seems to get
read out and overwritten!

The unwanted, highly by tor (pclos, mga7) resp. firejail activated kernel-
root-processes are named

kworker/u2:1-kcryptd/253:2 (especially this one, CPU: > 10%)
kworker/0:1H-kblockd
dmcrypt_write/2 and
jbd2/dm2--8

This occurs since kernel around 5.4.13, whenever I start browsing (with Pale
Moon), activating firejail and tor.

Please patch the kernel-5.4 to prevent it in future!
Regards
Andreas Stöwing (Gooken-producer, Gooken: https://gooken.safe-ws.de/gooken)

Appendix
libapparmor.so.required by firejail (OpenSuSE 15.X) needed by tor (rosa2016.1,
mga7) must be the cause for the activation as much as high activity of some
root-processes!
I have got no other explanation.
Kernel security module apparmor itself got deactivated within the kernel by my
boot-parameters "security=none" and "apparmor=none".

After tor and firejail version got changed from OpenSuSE 15.X to mga7
(firejail) resp. to CentOS el7 (Tor), so that libapparmor.so.1  is not
required anymore, such root-processes did not get activated resp. active too
much!
But they did appear unexpectedly again in kernel-5.4.151 !

So I still await your patches for kernel-5.4.
In my opinion, Linux is killing spy-software and rubbish, if you won't
patch it !

Regards
Gooken
