r4444 - people/micah

Dann Frazier dannf at costa.debian.org
Thu Oct 13 16:38:29 UTC 2005


Author: dannf
Date: 2005-10-13 16:38:28 +0000 (Thu, 13 Oct 2005)
New Revision: 4444

Modified:
   people/micah/pending_CVE_requests
Log:
updates...

Modified: people/micah/pending_CVE_requests
===================================================================
--- people/micah/pending_CVE_requests	2005-10-13 16:38:09 UTC (rev 4443)
+++ people/micah/pending_CVE_requests	2005-10-13 16:38:28 UTC (rev 4444)
@@ -2,8 +2,16 @@
 A local denial of service was discovered in the ptrace code for ia64 in
 linux-2.6.8 enabling unprivledged users to trigger an oops when
 CONFIG_PREEMPT is enabled in the kernel configuration.
-TODO: dannf looking for reference
-TODO: is this included in 2.6.8-16sarge1?
+TODO: dannf looking for HP-developed exploit code
+dannf: The exploit code was tested on 2.6.8-2.6.10, only 2.6.8 demonstrated the problem.
+dannf: It was very reproducible with PREEMPT enabled, but not at all reproducible without PREEMPT
+dannf: However; we were unable to find any changeset in bitkeeper that we could identify as a fix for this.
+dannf: Since then, the exploit code has been lost and the developer has lost it.
+dannf:
+dannf: Since no other distributions appear to be vulnerable, and a fix is difficult to find, I believe
+dannf: we should disable PREEMPT in a security update for ia64.  Unless we can find the exploit code, it may
+dannf: not be worth allocating a CAN ID.  Disabling PREEMPT is a ABI change, so it would be best to
+dannf: coalesce this with another ABI event.
 
 Patches included in 2.6.8-16sarge1:
 
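Review bot: The removed line "TODO: is this included in 2.6.8-16sarge1?" is dropped without being answered, yet the new notes propose "disable PREEMPT in a security update for ia64"; the entry should record whether 2.6.8-16sarge1 ships with PREEMPT enabled for ia64, since that decides whether the sarge kernel is affected at all. Two smaller points in the added dannf notes: the sentence "the exploit code has been lost and the developer has lost it" says the same thing twice and could simply read "the exploit code has been lost", and "a ABI change" should be "an ABI change". Since the reproduction details (2.6.8 only, ia64, PREEMPT enabled, tested through 2.6.10) are the only evidence left now that the test code is gone, it would help to keep them in one clearly labelled line so the issue can later be matched against an upstream fix.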
@@ -19,6 +27,8 @@
 Draft CVE text:
 Leaks were discovered in the exec structure of linux-2.6, resulting in
 pending signal loss... how is this a security problem?
+dannf: I don't think this is a security problem; the patch name is a misnomer - it was submitted
+dannf: at the same time as a patch that fixes a leak, but this patch actual prevents a signal loss
 URL: http://linux.bkbits.net:8080/linux-2.6/cset@4174ac1exFxpMg163OsRuPZLQrlBKg
 TODO: Description is weak, also what upstream version is this fixed in?
 
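Review bot: The added lines conclude "I don't think this is a security problem", but the "Draft CVE text:" block and the trailing "TODO: Description is weak, also what upstream version is this fixed in?" are left unchanged, so the entry still reads as a pending CVE request; either mark the entry as not a security issue so no ID is requested for it, or drop the draft CVE text and the TODO. Also, "this patch actual prevents a signal loss" should read "this patch actually prevents a signal loss".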