
Re: CVE 2010-3081 changes internal API



Of course, it helps if I actually use the correct address for the
debian-kernel ML...

On Wed, 22 Sep 2010, Henrique de Moraes Holschuh wrote:
> On Wed, 22 Sep 2010, Dan Serban wrote:
> > On 09/22/10 07:54, Henrique de Moraes Holschuh wrote:
> > >On Wed, 22 Sep 2010, Dan Serban wrote:
> > >>[1012115.235704] ipmi_devintf: Unknown symbol compat_alloc_user_space
> > >This module and the running kernel are not compatible with each other.
> > 
> > <snip>
> > 
> > So what you're telling me then, is that a bug needs to be filed
> > against the stable kernel?  I can't see stable being stable when
> > modules won't load due to a security update.  At least I'd assume
> > that a broken kernel implementation needs to be fixed.
> 
> compat_alloc_user_space() is only used for syscalls AFAIK.  The rule is: you
> do that, you have to track the kernel.  In fact, it is now GPL-only (so, for
> example, fglrx needs to be modified as it is forbidden from using
> compat_alloc_user_space()).
> 
> I'm adding a CC for the Debian kernel ML, just in case.
> 
> Summary:
>   compat_alloc_user_space() is now EXPORT_SYMBOL_GPL
>         * cannot be used by fglrx and other non-GPL modules
>         * using arch_compat_alloc_user_space() may reopen CVE-2010-3081
>           if the non-GPL module doesn't do access_ok by itself
> 
>   compat_alloc_user_space() moved from asm/compat.h to linux/compat.h
>         * requires #include changes on out-of-tree modules that use
>           compat_alloc_user_space() for them to build
> 
> > OT: I've found about 4 major bugs with the lenny implementation
> > running in different server roles.  Mainly things that have been
> 
> File bugs.  Provide as much information as you can, the most useful being
> the commits that you want backported, but if you don't know that, at least
> full descriptions of the problem, how to reproduce, and what kernel version
> you know fixed it would be helpful.
> 
> > While I do understand and agree with the "no need to fix it if it
> > ain't broken" mentality, does that mean that lenny does not get
> > patched/bugfixed... just security updates?
> 
> No.  It does get patched/bugfixed.  That's why we have "point releases", and
> that's why it is at 5.0.6 (sixth point release) right now.  But you usually
> have to prod maintainers to fix something on stable, unless it is a very big
> issue or a security issue.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
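The summary above hinges on one point: after the fix for CVE-2010-3081, compat_alloc_user_space() became a small wrapper in linux/compat.h that calls arch_compat_alloc_user_space() and returns NULL when access_ok() rejects the resulting range, so a module that bypasses the wrapper and calls the arch helper directly gets an unchecked pointer. The block below is an added user-space model of that check, written for this archive page; it is not code from the thread or from the Linux kernel. The TASK_SIZE boundary, the stack-pointer values and the behaviour of the "arch" helper are constructed assumptions chosen to show why the wrapper must refuse a range that leaves user space or wraps around.

```c
/* Added illustration (not code from the thread or the Linux kernel):
 * a user-space model of the access_ok() check that the post-CVE-2010-3081
 * compat_alloc_user_space() wrapper performs around
 * arch_compat_alloc_user_space(). Every address and limit below is a
 * constructed constant; nothing here touches a real kernel. */
#include <stdint.h>
#include <stdio.h>

/* Hypothetical user/kernel split for the model: user addresses lie below TASK_SIZE. */
#define TASK_SIZE 0xC0000000UL

typedef uintptr_t user_ptr_t; /* stands in for void __user * */

/* Model of the arch helper: carve `len` bytes below the task's saved user
 * stack pointer and hand back the address. It validates nothing, which is
 * exactly the property the thread warns about when modules call it directly. */
static user_ptr_t arch_compat_alloc_user_space_model(user_ptr_t user_sp, unsigned long len)
{
    return user_sp - len; /* may underflow and wrap to a huge value */
}

/* Model of access_ok(VERIFY_WRITE, ptr, len): the whole [ptr, ptr + len)
 * range must lie in user space and must not wrap around the address space. */
static int access_ok_model(user_ptr_t ptr, unsigned long len)
{
    if (len > TASK_SIZE)
        return 0;
    if (ptr > TASK_SIZE - len) /* written this way so ptr + len cannot overflow */
        return 0;
    return 1;
}

/* Model of the GPL-only wrapper: same allocation as the arch helper, but a
 * range that is not entirely in user space yields 0 (NULL) for the caller
 * to handle instead of an unchecked pointer. */
static user_ptr_t compat_alloc_user_space_model(user_ptr_t user_sp, unsigned long len)
{
    user_ptr_t ptr = arch_compat_alloc_user_space_model(user_sp, len);
    if (!access_ok_model(ptr, len))
        return 0;
    return ptr;
}

int main(void)
{
    /* Constructed cases: a sane user stack, and a stack pointer so low that
     * subtracting the length wraps around to an address outside user space. */
    user_ptr_t ok  = compat_alloc_user_space_model(0xBFFFF000UL, 0x100);
    user_ptr_t bad = compat_alloc_user_space_model(0x10UL, 0x100);

    printf("checked alloc from sane stack:    0x%lx\n", (unsigned long)ok);
    printf("checked alloc from wrapping stack: 0x%lx (0 means rejected)\n", (unsigned long)bad);
    printf("raw arch helper for the same case: 0x%lx (no check at all)\n",
           (unsigned long)arch_compat_alloc_user_space_model(0x10UL, 0x100));
    return 0;
}
```

The last print line is the point of the summary: the raw helper returns a pointer regardless of where it lands, and any copy done through an unchecked accessor on that pointer is the defect the CVE fix closed. An out-of-tree module that cannot use the GPL-only wrapper therefore has to perform the equivalent of the access_ok() check itself before touching the returned range.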