LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-13-2009, 05:18 PM   #1
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Exclamation Linux NULL pointer dereference due to incorrect proto_ops initializations


Quote:
Tavis Ormandy and [Julien Tinnes] have recently found and investigated a Linux kernel vulnerability. It affects all 2.4 and 2.6 kernels since 2001 on all architectures. [They] believe this is the public vulnerability affecting the greatest number of kernel versions.

The issue lies in how Linux deals with unavailable operations for some protocols. sock_sendpage and others don't check for NULL pointers before dereferencing operations in the ops structure. Instead the kernel relies on correct initialization of those proto_ops structures with stubs (such as sock_no_sendpage) instead of NULL pointers.
Complete Article (Please note that Linus Torvalds commited a patch for this today).

BTW, thanks to Slashdot for covering this.

Last edited by win32sux; 08-13-2009 at 05:21 PM.
 
Old 08-14-2009, 06:30 AM   #2
bloodsugar
Member
 
Registered: May 2009
Posts: 36

Rep: Reputation: 18
Is this a problem that your distro would issue an updated package for? or do you need to fix the problem yourself?

Last edited by bloodsugar; 08-14-2009 at 06:32 AM.
 
Old 08-14-2009, 06:55 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,155
Blog Entries: 54

Rep: Reputation: 2793Reputation: 2793Reputation: 2793Reputation: 2793Reputation: 2793Reputation: 2793Reputation: 2793Reputation: 2793Reputation: 2793Reputation: 2793Reputation: 2793
Distributions can backport fixes and release an updated kernel package but you can also compile the vanilla kernel.org kernel yourself if you wouldn't want to wait.
 
Old 08-14-2009, 08:31 AM   #4
bloodsugar
Member
 
Registered: May 2009
Posts: 36

Rep: Reputation: 18
Thanks unSpawn.

I have compiled a vanilla kernel from kernel.org in the past, however, I have not applied a fix like this before, Im guessing its a case of copying the file to the correct directory in the kernel source and compiling?

Is there a chance I could screw this up? would I be better off waiting for kernel.org to update their 2.6 kernel and then compiling that?

Last edited by bloodsugar; 08-14-2009 at 08:32 AM.
 
Old 08-14-2009, 08:53 AM   #5
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 428

Rep: Reputation: 65
Quote:
Originally Posted by bloodsugar View Post
Thanks unSpawn.

I have compiled a vanilla kernel from kernel.org in the past, however, I have not applied a fix like this before, Im guessing its a case of copying the file to the correct directory in the kernel source and compiling?

Is there a chance I could screw this up? would I be better off waiting for kernel.org to update their 2.6 kernel and then compiling that?
kernel.org has applied the fix to the tree yesterday but not all vendors have a fix yet

https://bugzilla.redhat.com/show_bug.cgi?id=516949#c10

here is the recommended red hat fix for the time being. It may work on other distros since its all modprobe changes but not 100% sure. (i dont see why it wont tho)
 
Old 08-14-2009, 08:57 PM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by bloodsugar View Post
I have compiled a vanilla kernel from kernel.org in the past, however, I have not applied a fix like this before, Im guessing its a case of copying the file to the correct directory in the kernel source and compiling?
Kind of. You basically download the patch, then run it through the patch program, which will apply the necessary changes to the file(s) in your source code. You can read something like this to get a better understanding of the patching process. It's actually really simple once you get the hang of it.

Quote:
Is there a chance I could screw this up? would I be better off waiting for kernel.org to update their 2.6 kernel and then compiling that?
Of course there's a chance you could screw up. BTW, what distro do you use? I ask because your distro will likely be releasing updated kernel packages soon (check with their bug tracker for relevant discussion). For what it's worth, Debian released a patched kernel package today.
Code:
win32sux@stingray:~$ uname -a
Linux stingray 2.6.26-2-486 #1 Fri Aug 14 01:02:21 UTC 2009 i686 GNU/Linux
So it looks like you've got at least three choices: wait for your distro to release an updated kernel package; wait for upstream to release a new stable source tarball; or download the current upstream stable source tarball and patch it on your own. The urgency with which you need to fix this vulnerability should probably be the determining factor.

Last edited by win32sux; 08-14-2009 at 08:59 PM.
 
Old 08-15-2009, 11:21 AM   #7
bloodsugar
Member
 
Registered: May 2009
Posts: 36

Rep: Reputation: 18
Quote:
Originally Posted by win32sux View Post
You can read something like this to get a better understanding of the patching process. It's actually really simple once you get the hang of it.
Yeah that looks ok, thanks for the link


Quote:
Originally Posted by win32sux View Post
BTW, what distro do you use?
slackware.

there are no packages available yet. I think I'll wait untill monday, and then have a go at it myself.

Thanks
 
Old 08-15-2009, 03:41 PM   #8
GazL
Senior Member
 
Registered: May 2008
Posts: 3,381

Rep: Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913
Quote:
Originally Posted by bloodsugar View Post

slackware.

there are no packages available yet. I think I'll wait untill monday, and then have a go at it myself.
Slackware doesn't always release new kernel packages for vulnerabilities like this one. The kernel in Slackware 12.2 is still 2.6.27.7 despite there being many local vulnerabilities fixed between that and the latest 2.6.27.29. I'm not entirely sure what Pat's criteria is for deciding whether to release an updated kernel package or not.

On the plus side, as Slackware doesn't mess with the kernel, it's relatively straight forward to build your own from the upstream sources, which is what I do.
 
Old 08-16-2009, 01:16 AM   #9
MikeQ
LQ Newbie
 
Registered: Jun 2009
Posts: 18

Rep: Reputation: 0
Currently I'm running 2.6.29.6-grsec(all grsec and pax options enabled) but what I want to know is, where do I find the following so I can disable them like in the blog?

PF_APPLETALK, PF_IPX, PF_IRDA, PF_X25, PF_AX25, PF_BLUETOOTH, PF_IUCV, IPPROTO_SCTP/PF_INET6, PF_PPPOX, PF_ISDN
 
Old 08-16-2009, 08:41 PM   #10
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by MikeQ View Post
Currently I'm running 2.6.29.6-grsec(all grsec and pax options enabled) but what I want to know is, where do I find the following so I can disable them like in the blog?

PF_APPLETALK, PF_IPX, PF_IRDA, PF_X25, PF_AX25, PF_BLUETOOTH, PF_IUCV, IPPROTO_SCTP/PF_INET6, PF_PPPOX, PF_ISDN
You could do kernel module blacklisting (such as suggested by Red Hat), but if you're using the latest grsecurity patch for version 2.6.29.6 you're already covered with a proper fix, so this kind of mitigation wouldn't be necessary.

At the time of this post the latest grsecurity patch for version 2.6.29.6 was:

grsecurity-2.1.14-2.6.29.6-200908140946.patch

Last edited by win32sux; 08-16-2009 at 08:55 PM.
 
Old 08-17-2009, 07:57 AM   #11
GazL
Senior Member
 
Registered: May 2008
Posts: 3,381

Rep: Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913
2.6.27.30 and 2.6.30.5 official kernels have been released and include the fix for this issue.
Time to get compiling...
 
Old 08-18-2009, 10:49 AM   #12
bloodsugar
Member
 
Registered: May 2009
Posts: 36

Rep: Reputation: 18
Is it the case that when upgrading a kernel from say, my current kernel 2.6.30.2, to the new 2.6.30.5, sometimes there wont be any new kernel options when you do 'make oldconfig'?

I do the 'make oldconfig' step and it tells me 'configuration written to .config', and exits.
 
Old 08-18-2009, 11:37 AM   #13
GazL
Senior Member
 
Registered: May 2008
Posts: 3,381

Rep: Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913
@bloodsugar, Yes, that's not unusual. Especially when only changing the minor version number.

I didn't see any new options when going to 27.30 either.
 
Old 08-18-2009, 02:04 PM   #14
bloodsugar
Member
 
Registered: May 2009
Posts: 36

Rep: Reputation: 18
I see, thanks Gaz,

btw, whats the 2.6.27.30 kernel?
 
Old 08-19-2009, 12:01 AM   #15
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Original Poster
Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by GazL View Post
Slackware doesn't always release new kernel packages for vulnerabilities like this one. The kernel in Slackware 12.2 is still 2.6.27.7 despite there being many local vulnerabilities fixed between that and the latest 2.6.27.29. I'm not entirely sure what Pat's criteria is for deciding whether to release an updated kernel package or not.

On the plus side, as Slackware doesn't mess with the kernel, it's relatively straight forward to build your own from the upstream sources, which is what I do.
Interestingly enough, they did release one this time.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Server crash: kernel NULL pointer dereference cheerful Linux - Server 1 03-14-2008 12:41 PM
unable to handle kernel NULL pointer dereference omkarlagu Programming 2 01-23-2006 09:50 PM
Kernel Null Pointer Dereference Error Smillie Slackware 3 04-27-2005 05:21 PM
NULL pointer dereference error Mercman2000 Linux - General 1 03-21-2005 09:36 PM
Unable to handle kernel NULL pointer dereference.... kadaver Slackware 2 12-19-2003 07:46 AM


All times are GMT -5. The time now is 03:16 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration