Roman Vesely | 7 Jul 20:38 2006
Picon

Any plan to release STABLE grsec for 2.6.[16|17] ?

Hello,

Last stable grsec is more than 6 month's old.
Any plan to make next stable release?

Thanks,

Roman
Jason Hamilton | 7 Jul 20:46 2006

Re: Any plan to release STABLE grsec for 2.6.[16|17] ?

Roman,

  Checkout 
http://grsecurity.net/~spender/grsecurity-2.1.9-2.6.17.3-200607060904.patch
Brad puts new developments in there first for testing and 
are generally quite stable.

-Jason

Roman Vesely wrote:
> Hello,
> 
> Last stable grsec is more than 6 month's old.
> Any plan to make next stable release?
> 
> Thanks,
> 
> Roman
> _______________________________________________
> grsecurity mailing list
> grsecurity@...
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
> 
Les | 8 Jul 02:25 2006

[SA20953] Linux Kernel "prctl" Privilege Escalation Vulnerability

Greetings all,
This advisory just made it's way to me. I have yet to locate a proof of concept test to verify this vulnerability. I felt the best course of action is ask the experts here if the current stable 2.6 release (grsecurity-2.1.8-2.6.14.6-200601211647) is sufficient to protect against this. Regards, Les -----Original Message----- From: Secunia Security Advisories [mailto:sec-adv-DxnHIQXg/tVBDgjK7y7TUQ@public.gmane.org] TITLE: Linux Kernel "prctl" Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA20953 VERIFY ADVISORY: http://secunia.com/advisories/20953/ CRITICAL: Less critical IMPACT: Security Bypass, Privilege escalation WHERE: Local system OPERATING SYSTEM: Linux Kernel 2.6.x http://secunia.com/product/2719/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions or potentially gain escalated privileges. The vulnerability is caused due to improper handling of core dumps. This can be exploited to dump core files into usually restricted directories or potentially gain root privileges. SOLUTION: Update to version 2.6.17.4. http://www.kernel.org/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Red Hat. ORIGINAL ADVISORY: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4
-- Regards, Les F. http://www.JaguarPC.com Phone 1.800.558.5869 Fax 1.713.960.1581
_______________________________________________
grsecurity mailing list
grsecurity@...
http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
fire-eyes | 8 Jul 02:41 2006

Re: [SA20953] Linux Kernel "prctl" Privilege Escalation Vulnerability

On Friday 07 July 2006 20:25, Les wrote:
> <!DOCTYPE html PUB [snip]

Thank you, however, can we please get that in plain text? No, I don't want to 
start a txt vs html mail war... Please don't reply that way.

--

-- 
"When you walk across the fields with your mind pure and holy, then from
all the stones, and all growing things, and all animals, the sparks of
their soul come out and cling to you. And then they are purified, and
become a holy fire in you." -- Ancient Hasidic Saying
Les | 8 Jul 02:49 2006

Re: [SA20953] Linux Kernel "prctl" Privilege Escalation Vulnerability

Resent via plain text.  Sorry for the trouble.

Greetings all,

  This advisory just made it's way to me.  I have yet to locate a proof 
of concept test to verify this vulnerability.  I felt the best course of 
action is ask the experts here if the current stable 2.6 release 
(grsecurity-2.1.8-2.6.14.6-200601211647) is sufficient to protect 
against this. 

  Regards,
    Les

fire-eyes wrote:
> On Friday 07 July 2006 20:25, Les wrote:
>   
>> <!DOCTYPE html PUB [snip]
>>     
>
> Thank you, however, can we please get that in plain text? No, I don't want to 
> start a txt vs html mail war... Please don't reply that way.
>
>   
pageexec | 8 Jul 03:03 2006
Picon

Re: [SA20953] Linux Kernel "prctl" Privilege Escalation Vulnerability

On 7 Jul 2006 at 20:41, fire-eyes wrote:

> On Friday 07 July 2006 20:25, Les wrote:
> > <!DOCTYPE html PUB [snip]
> 
> Thank you, however, can we please get that in plain text? No, I don't want to 
> start a txt vs html mail war... Please don't reply that way.
> 
> -- 
> "When you walk across the fields with your mind pure and holy, then from
> all the stones, and all growing things, and all animals, the sparks of
> their soul come out and cling to you. And then they are purified, and
> become a holy fire in you." -- Ancient Hasidic Saying

not to rain on your parade, but i think i'm not the only one who sees
a certain discrepancy between 2 lines of content and a 4 line sig...

as for the original question, no, the 2.6.14 patch doesn't fix this bug
and you need to apply the mainline patch yourself.
Les | 8 Jul 03:07 2006

Re: [SA20953] Linux Kernel "prctl" Privilege Escalation Vulnerability

Arg, and of course when I resend it in plain text I fail to include the 
notice itself.  Here it is.

-----Original Message-----
From: Secunia Security Advisories [mailto:sec-adv@...]

TITLE:
Linux Kernel "prctl" Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA20953

VERIFY ADVISORY:
http://secunia.com/advisories/20953/

CRITICAL:
Less critical

IMPACT:
Security Bypass, Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Linux Kernel 2.6.x
http://secunia.com/product/2719/

DESCRIPTION:
A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious, local users to bypass certain security restrictions
or potentially gain escalated privileges.

The vulnerability is caused due to improper handling of core dumps.
This can be exploited to dump core files into usually restricted directories
or potentially gain root privileges.

SOLUTION:
Update to version 2.6.17.4.
http://www.kernel.org/

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Red Hat.

ORIGINAL ADVISORY:
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4

  Regards,
    Les F.

Les wrote:
> Resent via plain text.  Sorry for the trouble.
>
> Greetings all,
>
>  This advisory just made it's way to me.  I have yet to locate a proof 
> of concept test to verify this vulnerability.  I felt the best course 
> of action is ask the experts here if the current stable 2.6 release 
> (grsecurity-2.1.8-2.6.14.6-200601211647) is sufficient to protect 
> against this.
>  Regards,
>    Les
>
>
>
> fire-eyes wrote:
>> On Friday 07 July 2006 20:25, Les wrote:
>>  
>>> <!DOCTYPE html PUB [snip]
>>>     
>>
>> Thank you, however, can we please get that in plain text? No, I don't 
>> want to start a txt vs html mail war... Please don't reply that way.
>>
>>   
> _______________________________________________
> grsecurity mailing list
> grsecurity@...
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
Boysenberry Payne | 17 Jul 16:37 2006

New to grsecurity and updating my kernel

I was just informed that I should update my current kernel
build, which until recently was managed for me, from
2.6.11.12-grsec to a new version.  Can I use the current:
grsecurity-2.1.9-2.6.17.4-200607120947.patch
on the 2.6.17.6 kernel, or do I need to use a 2.6.17.4 build?

Thanks,
-BOP

"The more I know the more I know I don't know." -Socrates
Jakub Cerveny | 17 Jul 19:12 2006
Picon

Re: New to grsecurity and updating my kernel

hi,

in 2.6.17.{5,6} kernels was changed only one file fs/proc/base.c - 

 Makefile       |    2 +-
 fs/proc/base.c |    3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

and grsecurity patches doesn't affect this file, so you could use
2.6.17.4 patches against 2.6.17.6 kernel

regards,

Jakub 

On Mon, 2006-07-17 at 09:37 -0500, Boysenberry Payne wrote:
> I was just informed that I should update my current kernel
> build, which until recently was managed for me, from
> 2.6.11.12-grsec to a new version.  Can I use the current:
> grsecurity-2.1.9-2.6.17.4-200607120947.patch
> on the 2.6.17.6 kernel, or do I need to use a 2.6.17.4 build?
> 
> Thanks,
> -BOP
> 
> "The more I know the more I know I don't know." -Socrates
> 
> _______________________________________________
> grsecurity mailing list
> grsecurity@...
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
Boysenberry Payne | 17 Jul 20:30 2006

Re: New to grsecurity and updating my kernel

So if I have grsecurity-2.1.9-2.6.17.4-200607120947.patch in the same 
directory
as my unpacked linux-2.6.17.6 directory the following ought to patch 
the source?

patch -p0 < ./grsecurity-2.1.9-2.6.17.4-200607120947.patch

Do I do this before do the following?

make oldconfig
make
make modules_install
install

Does this seem right?

Thanks,
Boysenberry

boysenberrys.com | habitatlife.com | selfgnosis.com

On Jul 17, 2006, at 12:12 PM, Jakub Cerveny wrote:

> hi,
>
> in 2.6.17.{5,6} kernels was changed only one file fs/proc/base.c -
>
>  Makefile       |    2 +-
>  fs/proc/base.c |    3 ++-
>  2 files changed, 3 insertions(+), 2 deletions(-)
>
> and grsecurity patches doesn't affect this file, so you could use
> 2.6.17.4 patches against 2.6.17.6 kernel
>
> regards,
>
> Jakub
>
> On Mon, 2006-07-17 at 09:37 -0500, Boysenberry Payne wrote:
>> I was just informed that I should update my current kernel
>> build, which until recently was managed for me, from
>> 2.6.11.12-grsec to a new version.  Can I use the current:
>> grsecurity-2.1.9-2.6.17.4-200607120947.patch
>> on the 2.6.17.6 kernel, or do I need to use a 2.6.17.4 build?
>>
>> Thanks,
>> -BOP
>>
>> "The more I know the more I know I don't know." -Socrates
>>
>> _______________________________________________
>> grsecurity mailing list
>> grsecurity@...
>> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
>
>
>

Gmane