[opensuse-kernel] Is there a solution for the CVE-2014-0038 around?
Hello,

did I miss something or is this [1][2] still unpatched in openSUSE 12.3 and 13.1 kernels?

After:
zypper in linux-sources
and:
grep -r -e "if (get_compat_timespec(&ktspec, timeout))" /usr/src/*
there was the expected output for the _unpatched_ kernel.

Much worse, the "CONFIG_X86_X32=y" (for openSUSE 13.1) and "CONFIG_X86_32=y" (for openSUSE 12.3) seems to be available in *every* kernel configuration. Is there a chance to use any kernel parameters for deactivating this problem? I didn't find any solution.

Manually patching the kernel is no option for me. In the case of patching myself and the assumption that it will not be fixed in the repositories I will probably end up repairing this after every kernel update.

Kind regards, Stefan

References:
[1] http://www.openwall.com/lists/oss-security/2014/01/31/2
[2] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2...

--
To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org
On Wed, Feb 05, 2014 at 10:51:37AM +0100, Stefan Hoese wrote:
> Hello,
> did I miss something or is this [1][2] still unpatched in openSUSE 12.3 and 13.1 kernels?
> After:
> zypper in linux-sources
> and:
> grep -r -e "if (get_compat_timespec(&ktspec, timeout))" /usr/src/*
> there was the expected output for the _unpatched_ kernel.
> Much worse, the "CONFIG_X86_X32=y" (for openSUSE 13.1) and "CONFIG_X86_32=y" (for openSUSE 12.3) seems to be available in *every* kernel configuration. Is there a chance to use any kernel parameters for deactivating this problem? I didn't find any solution.
> Manually patching the kernel is no option for me. In the case of patching myself and the assumption that it will not be fixed in the repositories I will probably end up repairing this after every kernel update.

The kernel updates for 12.3 and 13.1 are in the update-test repos and will be released hopefully this week after some smoketesting.

You can check them out already at http://download.opensuse.org/update/12.3-test/ or http://download.opensuse.org/update/13.1-test/

Our bugzilla for this is https://bugzilla.novell.com/show_bug.cgi?id=860993

Ciao, Marcus
On Wednesday, February 05, 2014 10:55:19 Marcus Meissner wrote:
> On Wed, Feb 05, 2014 at 10:51:37AM +0100, Stefan Hoese wrote:
> > Hello,
> > did I miss something or is this [1][2] still unpatched in openSUSE 12.3 and 13.1 kernels?
> > After:
> > zypper in linux-sources
> > and:
> > grep -r -e "if (get_compat_timespec(&ktspec, timeout))" /usr/src/*
> > there was the expected output for the _unpatched_ kernel.
> > Much worse, the "CONFIG_X86_X32=y" (for openSUSE 13.1) and "CONFIG_X86_32=y" (for openSUSE 12.3) seems to be available in *every* kernel configuration. Is there a chance to use any kernel parameters for deactivating this problem? I didn't find any solution.
> > Manually patching the kernel is no option for me. In the case of patching myself and the assumption that it will not be fixed in the repositories I will probably end up repairing this after every kernel update.
> The kernel updates for 12.3 and 13.1 are in the update-test repos and will be released hopefully this week after some smoketesting.
> You can check them out already at http://download.opensuse.org/update/12.3-test/ or http://download.opensuse.org/update/13.1-test/
> Our bugzilla for this is https://bugzilla.novell.com/show_bug.cgi?id=860993
> Ciao, Marcus

My unsolicited two cents:

Was following this specific vuln on the net and I have to say, the release of patched kernels for 12.3/13.1 so late isn't acceptable. Not to delve into what you'd need to do to actually _get_ root maliciously, but to point out that _every_ major distro out there had it patched in a matter of day or two.

Two days ago POC was released too: https://github.com/saelo/cve-2014-0038 yet for a few line patch kernels lie in testing.

Kind regards
On Wed, Feb 5, 2014 at 12:11 PM, Jason <relentropy@gmail.com> wrote:
> On Wednesday, February 05, 2014 10:55:19 Marcus Meissner wrote:
> > On Wed, Feb 05, 2014 at 10:51:37AM +0100, Stefan Hoese wrote:
> > > Hello,
> > > did I miss something or is this [1][2] still unpatched in openSUSE 12.3 and 13.1 kernels?
> > > After:
> > > zypper in linux-sources
> > > and:
> > > grep -r -e "if (get_compat_timespec(&ktspec, timeout))" /usr/src/*
> > > there was the expected output for the _unpatched_ kernel.
> > > Much worse, the "CONFIG_X86_X32=y" (for openSUSE 13.1) and "CONFIG_X86_32=y" (for openSUSE 12.3) seems to be available in *every* kernel configuration. Is there a chance to use any kernel parameters for deactivating this problem? I didn't find any solution.
> > > Manually patching the kernel is no option for me. In the case of patching myself and the assumption that it will not be fixed in the repositories I will probably end up repairing this after every kernel update.
> > The kernel updates for 12.3 and 13.1 are in the update-test repos and will be released hopefully this week after some smoketesting.
> > You can check them out already at http://download.opensuse.org/update/12.3-test/ or http://download.opensuse.org/update/13.1-test/
> > Our bugzilla for this is https://bugzilla.novell.com/show_bug.cgi?id=860993
> > Ciao, Marcus
> My unsolicited two cents:
> Was following this specific vuln on the net and I have to say, the release of patched kernels for 12.3/13.1 so late isn't acceptable. Not to delve into what you'd need to do to actually _get_ root maliciously, but to point out that _every_ major distro out there had it patched in a matter of day or two.
> Two days ago POC was released too: https://github.com/saelo/cve-2014-0038 yet for a few line patch kernels lie in testing.

This is not a POC, it is a fully working local root exploit.

But what hurts most is that CONFIG_X86_X32 is enabled in openSUSE kernels without any reason.

--
Thanks, //richard
On Thursday, February 06, 2014 02:12:59 you wrote:
> On Wed, Feb 5, 2014 at 12:11 PM, Jason <relentropy@gmail.com> wrote:
> > On Wednesday, February 05, 2014 10:55:19 Marcus Meissner wrote:
> > > On Wed, Feb 05, 2014 at 10:51:37AM +0100, Stefan Hoese wrote:
> > > > Hello,
> > > > did I miss something or is this [1][2] still unpatched in openSUSE 12.3 and 13.1 kernels?
> > > > After:
> > > > zypper in linux-sources
> > > > and:
> > > > grep -r -e "if (get_compat_timespec(&ktspec, timeout))" /usr/src/*
> > > > there was the expected output for the _unpatched_ kernel.
> > > > Much worse, the "CONFIG_X86_X32=y" (for openSUSE 13.1) and "CONFIG_X86_32=y" (for openSUSE 12.3) seems to be available in *every* kernel configuration. Is there a chance to use any kernel parameters for deactivating this problem? I didn't find any solution.
> > > > Manually patching the kernel is no option for me. In the case of patching myself and the assumption that it will not be fixed in the repositories I will probably end up repairing this after every kernel update.
> > > The kernel updates for 12.3 and 13.1 are in the update-test repos and will be released hopefully this week after some smoketesting.
> > > You can check them out already at
> > > http://download.opensuse.org/update/12.3-test/
> > > or
> > > http://download.opensuse.org/update/13.1-test/
> > > Our bugzilla for this is https://bugzilla.novell.com/show_bug.cgi?id=860993
> > > Ciao, Marcus
> > My unsolicited two cents:
> > Was following this specific vuln on the net and I have to say, the release of patched kernels for 12.3/13.1 so late isn't acceptable. Not to delve into what you'd need to do to actually _get_ root maliciously, but to point out that _every_ major distro out there had it patched in a matter of day or two.
> > Two days ago POC was released too: https://github.com/saelo/cve-2014-0038 yet for a few line patch kernels lie in testing.
> This is not a POC, it is a fully working local root exploit.

Sure, but it isn't malicious. Semantics aside, we can both agree it works and is in public.

> But what hurts most is that CONFIG_X86_X32 is enabled in openSUSE kernels without any reason.

To their defense, most of major distros have it enabled by default bar Fedora which explicitly stated they won't and a few other, minor ones.

Actually, to correct OP, this has nothing to do with X86_32, it affects only newish X32 abi.

It is the casual approach to the subject that got me. I realize people are busy etc. but fix was in mainline 6 days ago and it isn't something that requires a week of testing. https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2...

Anyway, I don't want to offend anyone here and it isn't my intention, apologies if it was or could be taken as such. You (oSS devs) have my utmost respect for the work being done and the product is free, done mostly in people's free time so I shouldn't be complaining.

Kind regards, J

NB: Resent correctly
On Thu, Feb 06, 2014 at 03:01:38PM +0800, Jason wrote:
> On Thursday, February 06, 2014 02:12:59 you wrote:
> > On Wed, Feb 5, 2014 at 12:11 PM, Jason <relentropy@gmail.com> wrote:
> > > On Wednesday, February 05, 2014 10:55:19 Marcus Meissner wrote:
> > > > On Wed, Feb 05, 2014 at 10:51:37AM +0100, Stefan Hoese wrote:
> > > > > Hello,
> > > > > did I miss something or is this [1][2] still unpatched in openSUSE 12.3 and 13.1 kernels?
> > > > > After:
> > > > > zypper in linux-sources
> > > > > and:
> > > > > grep -r -e "if (get_compat_timespec(&ktspec, timeout))" /usr/src/*
> > > > > there was the expected output for the _unpatched_ kernel.
> > > > > Much worse, the "CONFIG_X86_X32=y" (for openSUSE 13.1) and "CONFIG_X86_32=y" (for openSUSE 12.3) seems to be available in *every* kernel configuration. Is there a chance to use any kernel parameters for deactivating this problem? I didn't find any solution.
> > > > > Manually patching the kernel is no option for me. In the case of patching myself and the assumption that it will not be fixed in the repositories I will probably end up repairing this after every kernel update.
> > > > The kernel updates for 12.3 and 13.1 are in the update-test repos and will be released hopefully this week after some smoketesting.
> > > > You can check them out already at
> > > > http://download.opensuse.org/update/12.3-test/
> > > > or
> > > > http://download.opensuse.org/update/13.1-test/
> > > > Our bugzilla for this is https://bugzilla.novell.com/show_bug.cgi?id=860993
> > > > Ciao, Marcus
> > > My unsolicited two cents:
> > > Was following this specific vuln on the net and I have to say, the release of patched kernels for 12.3/13.1 so late isn't acceptable. Not to delve into what you'd need to do to actually _get_ root maliciously, but to point out that _every_ major distro out there had it patched in a matter of day or two.
> > > Two days ago POC was released too: https://github.com/saelo/cve-2014-0038 yet for a few line patch kernels lie in testing.
> > This is not a POC, it is a fully working local root exploit.
> Sure, but it isn't malicious. Semantics aside, we can both agree it works and is in public.
> > But what hurts most is that CONFIG_X86_X32 is enabled in openSUSE kernels without any reason.
> To their defense, most of major distros have it enabled by default bar Fedora which explicitly stated they won't and a few other, minor ones.
> Actually, to correct OP, this has nothing to do with X86_32, it affects only newish X32 abi.
> It is the casual approach to the subject that got me. I realize people are busy etc. but fix was in mainline 6 days ago and it isn't something that requires a week of testing. https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2...
> Anyway, I don't want to offend anyone here and it isn't my intention, apologies if it was or could be taken as such. You (oSS devs) have my utmost respect for the work being done and the product is free, done mostly in people's free time so I shouldn't be complaining.

It is kind of bad timing. I am pushing to get this faster.

And frankly, a bit of QA is needed for kernels... If we break all users' kernels at once it's not good.

I see if I can get final confirmation from QA today.

Ciao, Marcus
On Thursday, February 06, 2014 08:18:02 Marcus Meissner wrote:
> On Thu, Feb 06, 2014 at 03:01:38PM +0800, Jason wrote:
> > On Thursday, February 06, 2014 02:12:59 you wrote:
> > > On Wed, Feb 5, 2014 at 12:11 PM, Jason <relentropy@gmail.com> wrote:
> > > > On Wednesday, February 05, 2014 10:55:19 Marcus Meissner wrote:
> > > > > On Wed, Feb 05, 2014 at 10:51:37AM +0100, Stefan Hoese wrote:
> > > > > > Hello,
> > > > > > did I miss something or is this [1][2] still unpatched in openSUSE 12.3 and 13.1 kernels?
> > > > > > After:
> > > > > > zypper in linux-sources
> > > > > > and:
> > > > > > grep -r -e "if (get_compat_timespec(&ktspec, timeout))" /usr/src/*
> > > > > > there was the expected output for the _unpatched_ kernel.
> > > > > > Much worse, the "CONFIG_X86_X32=y" (for openSUSE 13.1) and "CONFIG_X86_32=y" (for openSUSE 12.3) seems to be available in *every* kernel configuration. Is there a chance to use any kernel parameters for deactivating this problem? I didn't find any solution.
> > > > > > Manually patching the kernel is no option for me. In the case of patching myself and the assumption that it will not be fixed in the repositories I will probably end up repairing this after every kernel update.
> > > > > The kernel updates for 12.3 and 13.1 are in the update-test repos and will be released hopefully this week after some smoketesting.
> > > > > You can check them out already at
> > > > > http://download.opensuse.org/update/12.3-test/
> > > > > or
> > > > > http://download.opensuse.org/update/13.1-test/
> > > > > Our bugzilla for this is https://bugzilla.novell.com/show_bug.cgi?id=860993
> > > > > Ciao, Marcus
> > > > My unsolicited two cents:
> > > > Was following this specific vuln on the net and I have to say, the release of patched kernels for 12.3/13.1 so late isn't acceptable. Not to delve into what you'd need to do to actually _get_ root maliciously, but to point out that _every_ major distro out there had it patched in a matter of day or two.
> > > > Two days ago POC was released too: https://github.com/saelo/cve-2014-0038 yet for a few line patch kernels lie in testing.
> > > This is not a POC, it is a fully working local root exploit.
> > Sure, but it isn't malicious. Semantics aside, we can both agree it works and is in public.
> > > But what hurts most is that CONFIG_X86_X32 is enabled in openSUSE kernels without any reason.
> > To their defense, most of major distros have it enabled by default bar Fedora which explicitly stated they won't and a few other, minor ones.
> > Actually, to correct OP, this has nothing to do with X86_32, it affects only newish X32 abi.
> > It is the casual approach to the subject that got me. I realize people are busy etc. but fix was in mainline 6 days ago and it isn't something that requires a week of testing. https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2def2ef2ae5f3990aabdbe8a755911902707d268
> > Anyway, I don't want to offend anyone here and it isn't my intention, apologies if it was or could be taken as such. You (oSS devs) have my utmost respect for the work being done and the product is free, done mostly in people's free time so I shouldn't be complaining.
> It is kind of bad timing. I am pushing to get this faster.
> And frankly, a bit of QA is needed for kernels... If we break all users' kernels at once it's not good.

I'm sorry, wasn't implying that. Credit where credit is due, this is consequently what openSUSE is all about; solid and quality performance. It was specific to only this subject as it affects (currently) minor abi but has wider reaching consequences than a broken kernel installation.

> I see if I can get final confirmation from QA today.
> Ciao, Marcus

Good day!

Kind regards, J
Hello Jason,

On 02/06/2014 08:01 AM, Jason wrote:
> Actually, to correct OP, this has nothing to do with X86_32, it affects only newish X32 abi.

That is right. But a 'CONFIG_X86_X32' flag is not available in openSUSE 12.3 kernel configuration.

On an openSUSE 12.3 system I started:
zcat /proc/config.gz |grep 'CONFIG_X86_X32'
There was empty output. That means even a "# CONFIG_X86_X32" was not available.

Nevertheless a:
zcat /proc/config.gz |grep 'CONFIG_X86' |less
led to "CONFIG_X86_32=y".

I took a look in the kernel sources with:
grep -r -e "if (get_compat_timespec(&ktspec, timeout))" /usr/src/*
and got the expected output for the unpatched kernel. So I guessed the feature was activated but the flag name has been changed. Maybe I was wrong but then I have no clue what the real name of the feature is under openSUSE 12.3. What is the right name under 12.3?

Kind regards, Stefan
Hello Stefan,

On Thursday 06 February 2014 at 13:36 +0100, Stefan Hoese wrote:
> Hello Jason,
> On 02/06/2014 08:01 AM, Jason wrote:
> > Actually, to correct OP, this has nothing to do with X86_32, it affects only newish X32 abi.
> That is right. But a 'CONFIG_X86_X32' flag is not available in openSUSE 12.3 kernel configuration.
> On an openSUSE 12.3 system I started:
> zcat /proc/config.gz |grep 'CONFIG_X86_X32'
> There was empty output. That means even a "# CONFIG_X86_X32" was not available.

It definitely was, even openSUSE 12.2 already had it. Are you sure you checked on a x86-64 host? CONFIG_X86_X32 is an X86_64-only setting.

--
Jean Delvare
Suse L3 Support
Hello Jean,

On 02/06/2014 02:03 PM, Jean Delvare wrote:
> It definitely was, even openSUSE 12.2 already had it. Are you sure you checked on a x86-64 host? CONFIG_X86_X32 is an X86_64-only setting.

Thanks for this hint. In fact I didn't notice that I tested on a 32-bit architecture. Because all other systems are x86_64, I assumed wrongly that it must be here the same case.

Kind regards, Stefan
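
The configuration check this sub-thread turned on, as an added example that is not part of any message on the list: it classifies a kernel from its architecture plus its config text, and looks for the source line Stefan grepped for. The function names, result tokens and sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify exposure to the x32 ABI from the kernel
# architecture and the kernel config text (read from stdin).
# Live use: zcat /proc/config.gz | x32_exposure "$(uname -m)"

# x32_exposure ARCH -> prints exactly one token:
#   not-applicable  ARCH is not x86_64; CONFIG_X86_X32 is x86_64-only
#   x32-enabled     CONFIG_X86_X32=y, the x32 ABI is built in
#   x32-disabled    the option exists in this config but is switched off
#   x32-absent      x86_64 config that does not mention the option
x32_exposure() {
    arch=$1
    cfg=$(cat)                      # always consume stdin
    if [ "$arch" != "x86_64" ]; then
        echo not-applicable
        return 0
    fi
    # -x matches whole lines only, so CONFIG_X86_32=y is never taken
    # for CONFIG_X86_X32=y (the mix-up discussed in the thread).
    if printf '%s\n' "$cfg" | grep -qx 'CONFIG_X86_X32=y'; then
        echo x32-enabled
    elif printf '%s\n' "$cfg" | grep -qx '# CONFIG_X86_X32 is not set'; then
        echo x32-disabled
    else
        echo x32-absent
    fi
}

# has_unpatched_marker PATH -> exit status 0 when the source line quoted
# in the thread occurs under PATH. -F treats it as a fixed string.
# It inspects the installed sources, which need not match the running kernel.
has_unpatched_marker() {
    grep -rqF 'if (get_compat_timespec(&ktspec, timeout))' "$1"
}

# Constructed sample configs (not copied from a real openSUSE kernel).
SAMPLE_64='CONFIG_X86_64=y
CONFIG_X86_X32=y
CONFIG_COMPAT=y'
SAMPLE_32='CONFIG_X86_32=y
CONFIG_X86=y'

printf '%s\n' "$SAMPLE_64" | x32_exposure x86_64
printf '%s\n' "$SAMPLE_32" | x32_exposure i686
```

An empty grep result on a 32-bit host, as in the message above, corresponds to `not-applicable` here rather than to a renamed option.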
On Thursday, February 06, 2014 14:03:13 Jean Delvare wrote:
> Hello Stefan,
> On Thursday 06 February 2014 at 13:36 +0100, Stefan Hoese wrote:
> > Hello Jason,
> > On 02/06/2014 08:01 AM, Jason wrote:
> > > Actually, to correct OP, this has nothing to do with X86_32, it affects only newish X32 abi.
> > That is right. But a 'CONFIG_X86_X32' flag is not available in openSUSE 12.3 kernel configuration.
> > On an openSUSE 12.3 system I started:
> > zcat /proc/config.gz |grep 'CONFIG_X86_X32'
> > There was empty output. That means even a "# CONFIG_X86_X32" was not available.
> It definitely was, even openSUSE 12.2 already had it. Are you sure you checked on a x86-64 host? CONFIG_X86_X32 is an X86_64-only setting.

Hi all,

This is shelved subject already but nevertheless, just wanted to link to a very good writeup explaining the ABI in question, its bug and the actual exploit, for anyone interested: http://blog.includesecurity.com/2014/03/exploit-CVE-2014-0038-x32-recvmmsg-k...

Kind regards, jason
participants (5): Jason, Jean Delvare, Marcus Meissner, Richard Weinberger, Stefan Hoese