
Bug#865549: linux-image-3.16.0-4-powerpc64le: stackguard fix incorrect; probably causes cargo to segfault on ppc64el



jrtc27 graciously lent me access to a VM so I'm building it now and will test it some time tomorrow.

X

Ximin Luo:
> Hi, unfortunately I don't have root access to any ppc64el machines to be able to install a new kernel, I only have access to plummer.debian.org. (Also you didn't build them for ppc64el yet.)
> 
> There are some things different about what we're seeing in cargo, vs the provided C code that segfaults. However the timing is too coincidental so I'm still inclined to think it's caused by this bug. But unfortunately I don't know how I can test this myself.
> 
> Could you release this to stable so that I can ask the buildd people to install this on plummer, so I can test it?
> 
> Or, if anyone else is able to test it, you can download and extract this: https://static.rust-lang.org/dist/rust-1.18.0-powerpc64le-unknown-linux-gnu.tar.gz then run `for i in {1..10}; do rust-1.18.0-powerpc64le-unknown-linux-gnu/cargo/bin/cargo -V; done` and see if it segfaults.
> 
> X
> 
> Ben Hutchings:
>> Control: tag -1 moreinfo
>>
>> On Thu, 22 Jun 2017 19:02:26 +0200 Ximin Luo <infinity0@debian.org>
>> wrote:
>>> Package: linux-image-3.16.0-4-powerpc64le
>>> Version: 3.16.43-2+deb8u1
>>> Severity: critical
>>> Justification: breaks unrelated software
>>>  
>>> Dear Maintainer,
>>>  
>>> I have been getting segfaults trying to build cargo on ppc64el:
>>>  
>>> https://github.com/rust-lang/cargo/issues/4197
>>>  
>>> The signs point to the recent stack guard fix as being the culprit; I can
>>> confirm that the test program given here:
>>>  
>>> http://www.openwall.com/lists/oss-security/2017/06/22/6
>>>  
>>> indicates the presence of the bug on plummer.debian.org. I'm not very familiar
>>> with kernel development so I don't know where the proper fix is, but subsequent
>>> discussion on that thread suggests that mainline has the "correct fix" whereas
>>> some distros applied an incorrect one.
>>
>> Can you please test with this candidate fix?
>> https://people.debian.org/~benh/packages/CVE-2017-1000364/
>>
>> Ben.
>>
> 
> 


-- 
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git

