[kernel-hardening] Compilation error and probable exploit

[kernel-hardening] Compilation error and probable exploit

[Cleric John Preston]

[-- Attachment #1: Type: text/plain, Size: 8619 bytes --]

Hello,
In compiling linux 4.9.38 I have a lot of error ...
I do not think anything is wanted.
Linus promised a kernel version without adding functionality (the release only contains bugfixes). But how long?
scripts/selinux/genheaders/genheaders.c:78:17: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
scripts/selinux/genheaders/genheaders.c:88:17: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
scripts/selinux/genheaders/genheaders.c:129:18: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
scripts/genksyms/lex.lex.c_shipped:675:18: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
scripts/mod/file2alias.c:477:25: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
scripts/mod/file2alias.c:478:25: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
scripts/mod/file2alias.c:479:29: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
scripts/mod/file2alias.c:480:29: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
scripts/mod/file2alias.c:937:16: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
scripts/mod/file2alias.c:1094:25: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
scripts/mod/file2alias.c:1095:25: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
scripts/insert-sys-cert.c:318:19: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
scripts/insert-sys-cert.c:341:19: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
mm/slub.c:4420:13: warning: ‘validate_slab_cache’ defined but not used [-Wunused-function]
mm/slub.c:4578:12: warning: ‘list_locations’ defined but not used [-Wunused-function]
./include/linux/timekeeping.h:29:7: warning: ‘new_ts.tv_sec’ may be used uninitialized in this function [-Wmaybe-uninitialized]
./include/linux/timekeeping.h:29:7: warning: ‘new_ts.tv_nsec’ may be used uninitialized in this function [-Wmaybe-uninitialized]
arch/x86/kernel/cpu/microcode/intel.c:521:1: warning: the frame size of 1032 bytes is larger than 1024 bytes [-Wframe-larger-than=]
arch/x86/kernel/cpu/microcode/intel.c:144:1: warning: the frame size of 1032 bytes is larger than 1024 bytes [-Wframe-larger-than=]
arch/x86/kernel/cpu/microcode/intel.c:357:1: warning: the frame size of 1080 bytes is larger than 1024 bytes [-Wframe-larger-than=]
arch/x86/kernel/cpu/microcode/intel.c:681:1: warning: the frame size of 1032 bytes is larger than 1024 bytes [-Wframe-larger-than=]
./include/linux/timekeeping.h:29:7: warning: ‘new_ts.tv_sec’ may be used uninitialized in this function [-Wmaybe-uninitialized]
./include/linux/timekeeping.h:29:7: warning: ‘new_ts.tv_nsec’ may be used uninitialized in this function [-Wmaybe-uninitialized]
fs/jffs2/xattr.c:887:1: warning: the frame size of 1136 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/block/DAC960.c:6999:4: warning: ‘RequestSenseLength’ may be used uninitialized in this function [-Wmaybe-uninitialized]
fs/nfsd/nfs4callback.c:592:19: warning: unused variable ‘req’ [-Wunused-variable]
fs/nfsd/nfs4callback.c:611:19: warning: unused variable ‘rqstp’ [-Wunused-variable]
fs/nfsd/nfs4callback.c:642:19: warning: unused variable ‘req’ [-Wunused-variable]
fs/nfsd/nfs4callback.c:672:19: warning: unused variable ‘rqstp’ [-Wunused-variable]
drivers/firmware/memmap.c:160:29: warning: passing argument 2 of ‘kobject_init’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
drivers/firmware/efi/runtime-map.c:126:29: warning: passing argument 2 of ‘kobject_init’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
drivers/gpu/drm/i915/i915_gem_stolen.c:499:16: warning: format ‘%zu’ expects argument of type ‘size_t’, but argument 4 has type ‘u64 {aka long long unsigned int}’ [-Wformat=]
drivers/gpu/drm/i915/i915_gem_stolen.c:499:16: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 5 has type ‘long long unsigned int’ [-Wformat=]
./include/linux/mod_devicetable.h:142:23: warning: large integer implicitly truncated to unsigned type [-Woverflow]
net/ipv6/addrconf.c:4165:29: warning: passing argument 1 of ‘register_ipv6_seq_ops_addr’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
./include/linux/kernel.h:749:16: warning: comparison of distinct pointer types lacks a cast
drivers/gpu/drm/drm_fops.c:566:13: warning: ‘drm_pending_event_destroy’ defined but not used [-Wunused-function]
drivers/isdn/hisax/config.c:688:5: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
drivers/isdn/hardware/eicon/diddfunc.c:76:1: warning: the frame size of 1152 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/isdn/hardware/eicon/divasfunc.c:189:1: warning: the frame size of 1152 bytes is larger than 1024 bytes [-Wframe-larger-than=]
net/openvswitch/datapath.c:1224:1: warning: the frame size of 1064 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/isdn/hardware/eicon/mntfunc.c:115:1: warning: the frame size of 1152 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/isdn/hardware/eicon/idifunc.c:220:1: warning: the frame size of 1152 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/isdn/hardware/eicon/capifunc.c:1092:1: warning: the frame size of 1152 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/isdn/hardware/eicon/message.c:6113:1: warning: the frame size of 1200 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/md/raid5.c:2058:4: warning: format ‘%lx’ expects argument of type ‘long unsigned int’, but argument 4 has type ‘int’ [-Wformat=]
net/sunrpc/rpcb_clnt.c:848:19: warning: unused variable ‘req’ [-Wunused-variable]
net/sunrpc/rpcb_clnt.c:867:19: warning: unused variable ‘req’ [-Wunused-variable]
net/sunrpc/rpcb_clnt.c:891:19: warning: unused variable ‘req’ [-Wunused-variable]
net/sunrpc/rpcb_clnt.c:928:19: warning: unused variable ‘req’ [-Wunused-variable]
drivers/mfd/tps65910.c:255:6: warning: ‘tps6591x_irqs_chip’ may be used uninitialized in this function [-Wmaybe-uninitialized]
drivers/net/ethernet/alteon/acenic.c:1013:11: warning: format ‘%i’ expects argument of type ‘int’, but argument 2 has type ‘long unsigned int’ [-Wformat=]
drivers/net/ethernet/alteon/acenic.c:1015:11: warning: format ‘%i’ expects argument of type ‘int’, but argument 2 has type ‘long unsigned int’ [-Wformat=]
./include/linux/kern_levels.h:4:18: warning: format ‘%i’ expects argument of type ‘int’, but argument 2 has type ‘long unsigned int’ [-Wformat=]
drivers/net/ethernet/neterion/vxge/vxge-main.c:119:1: warning: the frame size of 1048 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/staging/fbtft/fbtft-sysfs.c:137:1: warning: the frame size of 1032 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/staging/ks7010/ks_wlan_net.c:1704:19: warning: unused variable ‘dwrq’ [-Wunused-variable]
drivers/staging/ks7010/ks_wlan_net.c:2021:19: warning: unused variable ‘dwrq’ [-Wunused-variable]
drivers/staging/ks7010/ks_wlan_net.c:2045:19: warning: unused variable ‘dwrq’ [-Wunused-variable]
drivers/staging/ks7010/ks_wlan_net.c:2206:19: warning: unused variable ‘dwrq’ [-Wunused-variable]
drivers/staging/ks7010/ks_wlan_net.c:3156:9: warning: unused variable ‘uwrq’ [-Wunused-variable]
drivers/staging/rtl8192u/ieee80211/rtl819x_TSProc.c:92:1: warning: the frame size of 1064 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/usb/misc/ftdi-elan.c:108:0: warning: "COMMAND_SIZE" redefined
drivers/usb/misc/ftdi-elan.c:108:0: warning: "COMMAND_SIZE" redefined
drivers/net/wireless/wl3501_cs.c:665:9: warning: ‘sig.status’ is used uninitialized in this function [-Wuninitialized]
drivers/net/wireless/wl3501_cs.c:668:12: warning: ‘sig.cap_info’ may be used uninitialized in this function [-Wmaybe-uninitialized]
drivers/net/wireless/wl3501_cs.c:670:12: warning: ‘sig.cap_info’ may be used uninitialized in this function [-Wmaybe-uninitialized]
drivers/vhost/scsi.c:1176:1: warning: the frame size of 1032 bytes is larger than 1024 bytes [-Wframe-larger-than=]
---

Please use a Prozium II

[-- Attachment #2: Type: text/html, Size: 9829 bytes --]

[kernel-hardening] Re: Compilation error and probable exploit

[gregkh]

On Mon, Jul 17, 2017 at 10:26:53AM -0400, Cleric John Preston wrote:
> Hello,
> 
> In compiling linux 4.9.38 I have a lot of error ...
> I do not think anything is wanted.

Are you using gcc-7?  Was this different from 4.9.37?

thanks,

greg k-h

[kernel-hardening] Re : Re: Compilation error and probable exploit

[Cleric John Preston]

[-- Attachment #1: Type: text/plain, Size: 636 bytes --]

> On Mon, Jul 17, 2017 at 10:26:53AM -0400, Cleric John Preston wrote:
>> Hello,
>>
>> In compiling linux 4.9.38 I have a lot of error ...
>> I do not think anything is wanted.
> Are you using gcc-7? Was this different from 4.9.37?
> thanks,
> greg k-h

No I use gcc-5.3.1 and because this is the latest unofficial version of grsec that I can use. See
https://github.com/minipli/linux-unofficial_grsec/releases
So I'm not ready for a recent version of Linux. The kspp project is still far from providing me with sufficient security.
Moreover, no project offers a solution against ransomwares which is the most frequent threat for users.

[-- Attachment #2: Type: text/html, Size: 1128 bytes --]

Re: [kernel-hardening] Re : Re: Compilation error and probable exploit

[Mathias Krause]

On 18 July 2017 at 08:46, Cleric John Preston
<Cleric.John.Preston@protonmail.com> wrote:
>> On Mon, Jul 17, 2017 at 10:26:53AM -0400, Cleric John Preston wrote:
>>> In compiling linux 4.9.38 I have a lot of error ...
>>> I do not think anything is wanted.
>>
>> Are you using gcc-7? Was this different from 4.9.37?
>
> No I use gcc-5.3.1 and because this is the latest unofficial version of
> grsec that I can use. See
> https://github.com/minipli/linux-unofficial_grsec/releases

In this case you should complain at [1] instead, not here, as your
problem (which one, btw?) is not related to the upstream kernel
v4.9.38 but a heavily patched one.

Cheers,
Mathias

[1] https://github.com/minipli/linux-unofficial_grsec/issues

[kernel-hardening] Re : Re: [kernel-hardening] Re : Re: Compilation error and probable exploit

[Cleric John Preston]

[-- Attachment #1: Type: text/plain, Size: 1724 bytes --]

> -------- Original Message --------
> Subject: Re: [kernel-hardening] Re : Re: Compilation error and probable exploit
> On 18 July 2017 at 08:46, Cleric John Preston
> <Cleric.John.Preston@protonmail.com> wrote:
>>> On Mon, Jul 17, 2017 at 10:26:53AM -0400, Cleric John Preston wrote:
>>>> In compiling linux 4.9.38 I have a lot of error ...
>>>> I do not think anything is wanted.
>>>
>>> Are you using gcc-7? Was this different from 4.9.37?
>>
>> No I use gcc-5.3.1 and because this is the latest unofficial version of
>> grsec that I can use. See
>> https://github.com/minipli/linux-unofficial_grsec/releases
> In this case you should complain at [1] instead, not here, as your
> problem (which one, btw?) is not related to the upstream kernel
> v4.9.38 but a heavily patched one.
> Cheers,
> Mathias

OK but otherwise
linux-4.13-rc1$ grep "warning:" file | grep "uninitialized"
drivers/net/wireless/wl3501_cs.c:665:9: warning: ‘sig.status’ is used uninitialized in this function [-Wuninitialized]
drivers/net/wireless/wl3501_cs.c:668:12: warning: ‘sig.cap_info’ may be used uninitialized in this function [-Wmaybe-uninitialized]
drivers/net/wireless/wl3501_cs.c:670:12: warning: ‘sig.cap_info’ may be used uninitialized in this function [-Wmaybe-uninitialized]
./include/linux/etherdevice.h:321:39: warning: ‘*((void *)&sig+29)’ may be used uninitialized in this function [-Wmaybe-uninitialized]
./include/linux/etherdevice.h:322:38: warning: ‘*((void *)&sig+33)’ may be used uninitialized in this function [-Wmaybe-uninitialized]
drivers/net/wireless/wl3501_cs.c:677:46: warning: ‘sig.ssid.el.len’ may be used uninitialized in this function [-Wmaybe-uninitialized]

---

Please use a Prozium II

[-- Attachment #2: Type: text/html, Size: 2573 bytes --]

[kernel-hardening] Re: Re : Re: [kernel-hardening] Re : Re: Compilation error and probable exploit

[Mathias Krause]

On 19 July 2017 at 08:23, Cleric John Preston
<Cleric.John.Preston@protonmail.com> wrote:
> OK but otherwise
>
> linux-4.13-rc1$ grep "warning:" file | grep "uninitialized"
> drivers/net/wireless/wl3501_cs.c:665:9: warning: ‘sig.status’ is used uninitialized in this function [-Wuninitialized]
> drivers/net/wireless/wl3501_cs.c:668:12: warning: ‘sig.cap_info’ may be used uninitialized in this function [-Wmaybe-uninitialized]
> drivers/net/wireless/wl3501_cs.c:670:12: warning: ‘sig.cap_info’ may be used uninitialized in this function [-Wmaybe-uninitialized]
> ./include/linux/etherdevice.h:321:39: warning: ‘*((void *)&sig+29)’ may be used uninitialized in this function [-Wmaybe-uninitialized]
> ./include/linux/etherdevice.h:322:38: warning: ‘*((void *)&sig+33)’ may be used uninitialized in this function [-Wmaybe-uninitialized]
> drivers/net/wireless/wl3501_cs.c:677:46: warning: ‘sig.ssid.el.len’ may be used uninitialized in this function [-Wmaybe-uninitialized]

False positive from what I can tell as gcc apparently cannot deduce
that the insb() in wl3501_get_from_wla() will fill 'sig' completely,
i.e. will initialize it.

Cheers,
Mathias