All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andy Lutomirski <luto@amacapital.net>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: Eric Paris <eparis@redhat.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	linux-audit@redhat.com,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	stable <stable@vger.kernel.org>
Subject: Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking
Date: Mon, 9 Jun 2014 17:30:19 -0700	[thread overview]
Message-ID: <CALCETrXpUZsUOoFgG4GRvStjLkWCn5=pNDFPTm-t5g=8HRaDhw@mail.gmail.com> (raw)
In-Reply-To: <20140610003234.GB20728@kroah.com>

On Mon, Jun 9, 2014 at 5:32 PM, Greg KH <gregkh@linuxfoundation.org> wrote:
> On Mon, Jun 09, 2014 at 03:55:20PM -0700, Andy Lutomirski wrote:
>> On Mon, Jun 9, 2014 at 3:46 PM, Greg KH <gregkh@linuxfoundation.org> wrote:
>> > On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
>> >> On Mon, Jun 9, 2014 at 3:30 PM, Greg KH <gregkh@linuxfoundation.org> wrote:
>> >> > On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
>> >> >> From: Andy Lutomirski <luto@amacapital.net>
>> >> >>
>> >> >> Fixes an easy DoS and possible information disclosure.
>> >> >>
>> >> >> This does nothing about the broken state of x32 auditing.
>> >> >>
>> >> >> eparis: If the admin has enabled auditd and has specifically loaded audit
>> >> >> rules.  This bug has been around since before git.  Wow...
>> >> >>
>> >> >> Cc: stable@vger.kernel.org
>> >> >> Signed-off-by: Andy Lutomirski <luto@amacapital.net>
>> >> >> Signed-off-by: Eric Paris <eparis@redhat.com>
>> >> >> ---
>> >> >>  kernel/auditsc.c | 27 ++++++++++++++++++---------
>> >> >>  1 file changed, 18 insertions(+), 9 deletions(-)
>> >> >
>> >> > Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
>> >> > miss a later conversation about this?
>> >>
>> >> Hmm.  It seems that it didn't make it into Linus' tree.  Crap.
>> >>
>> >> IMO we need some kind of real tracking system for issues reported to
>> >> security@.
>> >
>> > That seems to be my mbox at times :)
>> >
>> > But yes, having something "real" might be good if the load gets higher,
>> > right now it's so low that my "sweep pending security patches" task
>> > usually catches anything pending, which is rare.
>> >
>>
>> There are currently at least two issues that I reported that are stuck
>> in limbo: this one and the (not-yet-public) vfs thing.
>
> That was next on my list to poke people about...
>
>> And there's the CVE-2014-0181 regression fix that almost got
>> forgotten, but that isn't really a security issue.
>
> What is that, where was that reported?

commit 2d7a85f4b06e9c27ff629f07a524c48074f07f81
Author: Eric W. Biederman <ebiederm@xmission.com>
Date:   Fri May 30 11:04:00 2014 -0700

    netlink: Only check file credentials for implicit destinations


The security issue got fixed quickly, but the fix turned out to be problematic.

--Andy

  reply	other threads:[~2014-06-10  0:30 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-05-29  3:09 [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking Eric Paris
2014-05-29  3:09 ` [PATCH 2/2] audit: do not select HAVE_ARCH_AUDITSYSCALL on x32 Eric Paris
2014-06-09 22:30 ` [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking Greg KH
2014-06-09 22:35   ` Andy Lutomirski
2014-06-09 22:46     ` Greg KH
2014-06-09 22:55       ` Andy Lutomirski
2014-06-10  0:32         ` Greg KH
2014-06-10  0:30           ` Andy Lutomirski [this message]
2014-06-10  0:37             ` Greg KH
2014-06-09 23:35       ` Josh Boyer
2014-06-10  0:31         ` Greg KH
2014-06-10  0:51           ` Andy Lutomirski
2014-06-10  2:57             ` Greg KH
2014-06-10  4:04               ` Andy Lutomirski
2014-06-10  4:14                 ` Greg KH
2014-06-09 22:53     ` Linus Torvalds
2014-06-09 22:56       ` Andy Lutomirski
2014-06-09 23:36         ` Linus Torvalds
2014-06-10 12:50           ` Eric Paris
2014-06-10 12:50             ` Eric Paris
2014-06-10 15:42             ` Linus Torvalds
2014-06-10 15:48               ` Linus Torvalds
  -- strict thread matches above, loose matches on Subject: below --
2014-05-28 22:21 [PATCH 0/2] Fix auditsc DoS and move it to staging Andy Lutomirski
2014-05-28 22:21 ` [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking Andy Lutomirski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CALCETrXpUZsUOoFgG4GRvStjLkWCn5=pNDFPTm-t5g=8HRaDhw@mail.gmail.com' \
    --to=luto@amacapital.net \
    --cc=eparis@redhat.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-audit@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.