** Description changed:

+ [Impact]
+
+ The testcase test_095_kernel_symbols_missing_proc_self_stack from
+ ubuntu_qrt_kernel_security testsuite started to fail with Trusty kernel
+ (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel stack
+ dumps to root"), which prevents a regular user to read from
+ /proc/self/stack.
+
  Kernel: 3.13.0-165.215~precise1

  The test failed with:
- AssertionError: cat: /proc/self/stack: Permission denied
-
+ AssertionError: cat: /proc/self/stack: Permission denied

  FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest)
  kernel addresses in /proc/self/stack are zeroed out
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack
      self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected)
    File "./test-kernel-security.py", line 1209, in _check_pK_files
      test_function(expected_restricted)
    File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack
      expected, retry=True)
    File "./test-kernel-security.py", line 1146, in _read_twice
      self.assertEqual(rc, 0, regular)
  AssertionError: cat: /proc/self/stack: Permission denied
+
+ The testcase checks the file permission before trying to read it, and
+ for kernel 3.13 the permissions became inconsistent with what the user
+ can actually do:
+
+ $ cat /proc/self/stack
+ cat: /proc/self/stack: Permission denied
+ $ ls -l /proc/self/stack
+ -r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack
+
+ [Test Case]
+ Run 'cat' and 'ls' on the file as stated above, or run the ubuntu_qrt_kernel_security testsuite and check for the results of the test_095_kernel_symbols_missing_proc_self_stack testcase.
+
+ [Fix]
+ Upstream commit 35a35046e4f9 ("procfs: make /proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the issue.
+
+ [Regression Potential]
+ The upstream fix changes the permissions of the files /proc/*/{stack,syscall,personality}, so userspace which relies on reading these files as regular users might fail. However, this fixes a security issue and is already applied on our later series.
--
https://bugs.launchpad.net/bugs/1813001

Title:
  test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
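The 'cat' and 'ls' comparison from the description, automated for the three files the upstream commit touches. This is an added example, not part of the original notification and not code from the ubuntu_qrt_kernel_security testsuite. The function names and verdict strings are illustrative, and "inconsistent" is assumed to mean the world-read bit is set while the read is denied, as in the output quoted in the report.

```python
import errno
import os
import stat

# Files whose mode upstream commit 35a35046e4f9 sets to 0400, per the report.
PROC_FILES = ("stack", "syscall", "personality")
DENIED = (errno.EACCES, errno.EPERM)


def try_read(path):
    """Return None if one byte can be read, else the errno from open()/read()."""
    try:
        fd = os.open(path, os.O_RDONLY)
    except OSError as exc:
        return exc.errno
    try:
        os.read(fd, 1)      # the kernel may refuse at read() rather than open()
        return None
    except OSError as exc:
        return exc.errno
    finally:
        os.close(fd)


def classify(mode, read_errno):
    """Compare the advertised mode bits with the observed read result."""
    if read_errno is None:
        return "readable"
    if read_errno in DENIED and mode & stat.S_IROTH:
        return "inconsistent"   # e.g. -r--r--r-- shown by ls, cat denied
    if read_errno in DENIED:
        return "restricted"     # mode no longer advertises world-read
    return "error:" + errno.errorcode.get(read_errno, str(read_errno))


def audit(pid="self", root="/proc"):
    """Map each file name to a verdict; 'absent' if the kernel lacks it."""
    report = {}
    for name in PROC_FILES:
        path = os.path.join(root, str(pid), name)
        try:
            mode = os.stat(path).st_mode
        except OSError:
            report[name] = "absent"
            continue
        report[name] = classify(mode, try_read(path))
    return report


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"/proc/self/{name}: {verdict}")
```

Run it as a regular user: root can typically read these files, so the mismatch only shows up unprivileged.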