Re: [stable] [PATCH] vmsplice exploit fix (was: splice: fix user pointer access in get_iovec_page_array)
On Sunday 10 February 2008 23:53, Greg KH wrote: > I don't think there's much more we need to do here, do you? No amount of information about such a thing is too much information. We do not need to do any more, but we can do more. It is news, how about an entry in the kernel.org news section? How about a security alerts section on kernel.org? There is a lot that can be done to support people who want to patch their kernels as quickly as possible. Regards, Daniel -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] vmsplice exploit fix (was: splice: fix user pointer access in get_iovec_page_array)
On Sunday 10 February 2008 23:49, Pekka Enberg wrote: > Hi Daniel, > > On Feb 11, 2008 9:29 AM, Daniel Phillips <[EMAIL PROTECTED]> wrote: > > I think many users would first go to kernel.org on a day like > > today, as I did. Nothing to see there. We could do a way better > > job of getting the word out. > > Any suggestions what I could have done better here? You did your part flawlessly as far as I can see. Really, your original subject line was accurate, and lkml should not be the place to go to find the patch, but it is. > As soon as Linus > merged the patch, I sent it to [EMAIL PROTECTED] and expected > information to spread from there. I did also follow up on some vendor > bugzillas (Debian, RHEL, Fedora) to make sure they were aware of the > merged patch (they were). And they are no doubt getting kernel revs out at this very moment, that part of the machine works great. It is just the part about getting out information to users who want to patch their own kernels that could be done better. Regards, Daniel -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] vmsplice exploit fix (was: splice: fix user pointer access in get_iovec_page_array)
Hi Daniel, On Feb 11, 2008 9:29 AM, Daniel Phillips <[EMAIL PROTECTED]> wrote: > I think many users would first go to kernel.org on a day like today, as > I did. Nothing to see there. We could do a way better job of getting > the word out. Any suggestions what I could have done better here? As soon as Linus merged the patch, I sent it to [EMAIL PROTECTED] and expected information to spread from there. I did also follow up on some vendor bugzillas (Debian, RHEL, Fedora) to make sure they were aware of the merged patch (they were). Pekka -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [stable] [PATCH] vmsplice exploit fix (was: splice: fix user pointer access in get_iovec_page_array)
On Sun, Feb 10, 2008 at 11:29:50PM -0800, Daniel Phillips wrote: > Kudos to all involved in the rapid response. But. > > Information on patching this vulnerability is not available front and > center in many of the places you would expect: kernel.org front page, > debian.org front page, covered on planet.debian.org but without a > pointer to the patch, and so on. So this post provides a subject line > for Google to find, and for good measure mentions the word > vulnerability. All currently active Linux kernel versions are now released with a fix for this problem. We have released them through our normal channels, with the needed information as to what the problem is, a pointer to the CVE number, and the patch itself. I don't think there's much more we need to do here, do you? thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH] vmsplice exploit fix (was: splice: fix user pointer access in get_iovec_page_array)
Kudos to all involved in the rapid response. But. Information on patching this vulnerability is not available front and center in many of the places you would expect: kernel.org front page, debian.org front page, covered on planet.debian.org but without a pointer to the patch, and so on. So this post provides a subject line for Google to find, and for good measure mentions the word vulnerability. Also, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464953 I think many users would first go to kernel.org on a day like today, as I did. Nothing to see there. We could do a way better job of getting the word out. Patch attached as posted above by Pekka. For the mortals among us: cd linux-2.6.recent && patch Cc: <[EMAIL PROTECTED]> Cc: Jens Axboe <[EMAIL PROTECTED]> Cc: Andrew Morton <[EMAIL PROTECTED]> Signed-off-by: Pekka Enberg <[EMAIL PROTECTED]> --- Bastian, can I have your Signed-off-by for this, please? Oliver, Niki, can you please confirm this closes the hole? fs/splice.c |3 +++ 1 file changed, 3 insertions(+) Index: linux-2.6/fs/splice.c === --- linux-2.6.orig/fs/splice.c +++ linux-2.6/fs/splice.c @@ -1237,6 +1237,9 @@ static int get_iovec_page_array(const st if (unlikely(!base)) break; + if (unlikely(!access_ok(VERIFY_READ, base, len))) + break; + /* * Get this base offset and number of pages, then map * in the user pages.
