Re: [Users] 2.6.22/2.6.18 security fixes

2008-02-18 Thread Kir Kolyshkin
The fix for this issue was included in the 2.6.18 kernels' .spec file (to 
release the fix faster). Now we pushed that to git, too; it is available.



2.6.24 kernel (not yet released) was just synced to latest 2.6.24.2 
update, which covers the security issue as well.



2.6.20 and 2.6.22 are frozen, which means they are obsolete and unmaintained.

Regards,
 Kir.

Josip Rodin wrote:

Hi,

It would be useful if the linux-2.6.22-openvz tree included the security
fixes added in the later versions of the 2.6.22 kernel. Notably:

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.22.y.git;a=commitdiff;h=af395d8632d0524be27d8774a1607e68bdb4dd7f
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.22.y.git;a=commitdiff;h=53d06121542c36ec0f0e5504c8358a768e25cb9a

Does the 'frozen' tag preclude including these things? The 2.6.22 kernel is
still described as maintained on the main web site, so it would make sense
to add those fixes.

At the same time, the linux-2.6.18-openvz tree is missing the fs/splice.c
fix for get_iovec_page_array(), WRT the latest local root exploit. There
is no upstream git reference for that, because stable/linux-2.6.18.y.git
appears to be long abandoned, so here's the patch:

--- linux-2.6.18/fs/splice.c~   2008-02-12 00:34:49.0 +0100
+++ linux-2.6.18/fs/splice.c2008-02-12 00:34:49.0 +0100
@@ -1122,6 +1122,11 @@
size_t len;
int i;
 
+		if (!access_ok(VERIFY_READ, iov, sizeof(struct iovec))) {

+   error = -EFAULT;
+   break;
+   }
+
/*
 * Get user address base and length for this iovec.
 */
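Review bot: The new `access_ok(VERIFY_READ, iov, sizeof(struct iovec))` test at the top of the loop body is not wrapped in `unlikely()`, although the neighbouring `if (unlikely(!base))` test in the same loop is; wrapping it would keep the error paths consistent. The added lines also mix tab and space indentation as posted (the `if` line is tab-indented, its body is space-indented), so the patch should be resent with whitespace preserved if it is to apply cleanly.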
@@ -1141,6 +1146,11 @@
if (unlikely(!base))
break;
 
+		if (!access_ok(VERIFY_READ, base, len)) {

+   error = -EFAULT;
+   break;
+   }
+
/*
 * Get this base offset and number of pages, then map
 * in the user pages.
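Review bot: The `access_ok(VERIFY_READ, base, len)` check placed just before the page-mapping step has no comment, while the other steps visible in this loop each carry one; a short comment saying that it rejects a range outside user space before the user pages are mapped would document why it is there. This exit also sets `error = -EFAULT`, whereas the `if (unlikely(!base))` test directly above breaks without assigning an error in the visible lines, so it is worth confirming that the two exits are meant to differ.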

  


___
Users mailing list
Users@openvz.org
https://openvz.org/mailman/listinfo/users


Re: [Users] OpenVZ oops in shrink_dcache_for_umount

2008-02-18 Thread Kir Kolyshkin

Please file a bug to http://bugzilla.openvz.org/

Frederik Himpe wrote:
I am using Debian GNU/Linux Lenny with kernel 
2.6.18-8.1.14.el5.028stab045.1 (x86_64). The VEs are on an XFS file 
system.


When stopping a VE with vzctl stop, the kernel oopsed in 
shrink_dcache_for_umount and the box completely hung with this backtrace.

http://artipc10.vub.ac.be/files/openvz-oops.jpeg

Is this a known problem?

  




Re: [Users] New kernel release?

2008-02-18 Thread Kir Kolyshkin

Rus Foster wrote:

Hi,
I know there is a bug report open for the new kernel release for the 
vmsplice exploit but wondered if there was a date, as it apparently 
should already have been released but nothing yet.


2.6.9 kernel is not vulnerable.

For 2.6.18 kernels, see last messages on the announce@ list:
http://openvz.org/pipermail/announce/2008-February/thread.html

2.6.20 and 2.6.22 kernels are not maintained anymore; we recommend that you 
switch to rhel5-2.6.18 (for production environments) or maybe to 
2.6.24 (for bleeding edge).


2.6.24 git tree is now synced with latest 2.6.24.2 which contains the 
needed fix.


Regards,
 Kir.