tom at whyscream
Oct 22, 2010, 5:39 AM
Post #2 of 4
On 22/10/10 13:21, Anthony G. Basile wrote:
> Hi all hardened users.
> On Oct. 19, a local privilege escalation exploit was found [1,2] that
> affected hardened kernels on all architectures. For certain
> configurations of the hardened kernel, it is possible for a local user
> to obtain root privileges. The current Proof-Of-Concept code can be
> frustrated by not providing symbol information via /proc/kallsyms or
> System.map, but at this time it is unclear if other hardening
> features such as CONFIG_PAX_MEMORY_UDEREF provide adequate protection
> against variations of the POC which do not need symbols.
> All users are encouraged to upgrade to hardened-sources-2.6.32-r22
> which is currently marked stable on amd64 and x86. It is being fast
> tracked on other archs. 
> hardened-sources-2.6.35-r4 is also not vulnerable, but cannot be
> stabilized yet because of a bug in dhcp which also affects
> gentoo-sources-2.6.35-r4. For those who want kernels > .32 and
> can live with the minor bug, you can safely use
> Later this week, all ebuilds for vulnerable kernels will be removed
> from the tree, except for hardened-sources-2.6.34-r6,
> hardened-sources-2.6.32-r9 and hardened-sources-2.6.28-r9. These will
> be kept for continuity.
>  http://www.vsecurity.com/resources/advisory/20101019-1/
>  http://bugs.gentoo.org/show_bug.cgi?id=341801
>  http://bugs.gentoo.org/show_bug.cgi?id=341915
>  http://bugs.gentoo.org/show_bug.cgi?id=334341
Just to verify: if I understand
https://bugs.gentoo.org/show_bug.cgi?id=341801 correctly, a secure
replacement for (stable) hardened-sources-2.6.34-r6 on amd64 will not be
stabilized within a month, as it is awaiting baselayout-2 stabilisation
(offtopic: w00t). Or I'd need to downgrade to 2.6.32.
For people running baselayout-2 already, there is no reason not to add
hardened-sources-2.6.35-r4 to package.keywords and upgrade?