
Vulnerabilities in kernel

Posted: Fri May 16, 2008 8:04 am
by hanno
Current kernel 2.6.25-releases fix some security issues, e.g. a permission issue in sys_utimensat and a DoS in ipv6.

Now for grsecurity-users: What should we do? (besides manually splitting out the patches and applying them)

As grsec devs announced that they may stop porting grsec to every new 2.6 kernel, there are imho 3 options:

a) forget about and port to latest 2.6.25 :-)

b) Provide some "fixes" - patchset for .24 which contains all security fixes so this can be applied together with the grsecurity-patch.

c) port the grsecurity patch to some well-maintained kernel (Ubuntu LTS was in the discussion afaik)

No matter which one, one of them should happen really soon.

Re: Vulnerabilities in kernel

Posted: Fri May 16, 2008 8:05 am
by hanno

Re: Vulnerabilities in kernel

Posted: Fri May 16, 2008 12:24 pm
by cormander
PaX has a 2.6.25.4 test patch released yesterday - it's likely that Brad just needs a little more time before he can finish the merge of the rest of grsecurity with all the changes between the 2.6.24 and 2.6.25 kernels.

http://grsecurity.net/test/pax-linux-2. ... st11.patch

Re: Vulnerabilities in kernel

Posted: Sun May 18, 2008 1:42 pm
by spender
I've uploaded new patches for 2.4.36.4 and 2.6.25.4. Due to the addition of 64-bit capabilities in the 2.6 kernel, userland/kernel RBAC structures had to be updated, so the grsecurity version number has been incremented as well. This means you'll need to grab the latest gradm to use the RBAC system.

-Brad

Re: Vulnerabilities in kernel

Posted: Mon May 19, 2008 3:20 pm
by cormander
Hey Brad,

Thanks for the 2.6.25 kernel update!

Since the latest testing version of grsecurity is now 2.1.12, and the "stable" is 2.1.11... any reason not to move the 2.6.24.7 patch to stable? Regarding the above vulnerabilities, these two patches correct them in the 2.6.24.7 kernel; you could append them to the bottom of the grsecurity patch:

http://www.ravencore.com/packages/kerne ... 2136.patch
http://www.ravencore.com/packages/kerne ... 2148.patch

What do you think?

Re: Vulnerabilities in kernel

Posted: Tue Jun 10, 2008 7:24 am
by fed.linuxgossip
Hi,

Is a grsec-patched 2.6.24.6 or 2.6.24.4 secure against the following vulnerability?

http://secunia.com/advisories/30580/

Thanks

Re: Vulnerabilities in kernel

Posted: Tue Jun 10, 2008 9:12 am
by cormander
Nope. You've either got to patch it manually or go with the latest test patch.

My current 2.6.24.7 grsecurity RPM however is patched against this and other CVEs that affect that tree (along with very many other things).

Re: Vulnerabilities in kernel

Posted: Tue Jun 10, 2008 12:21 pm
by fed.linuxgossip
Thank you. Can you give any idea of the patch source for this? Maybe a two- or three-line howto would be helpful for all.