Full Disclosure mailing list archives
Re: The story of the Linux kernel 3.x...
From: Adam Zabrocki <pi3 () pi3 com pl>
Date: Thu, 17 May 2012 20:56:54 +0200
Dnia 2012-05-17, czw o godzinie 10:32 -0400, valdis.kletnieks () vt edu pisze:
On Wed, 16 May 2012 23:49:40 +0200, Adam Zabrocki said:so the latest update has this fix but still official ISO has old kernel. Fix was applied in March/April. So again _sock kernels_ have/had so simple mistake ;)You're assuming it's a *mistake* rather than something intentional. Remember that the distro does *not* know what you run on the kernel, so they need to build one that covers all the bases. So they really need to make a choice. Which is going to result in more nasty phone calls and e-mails: leaving COMPAT_VDSO set (which is probably the 12,934th most security crucial security setting in a distro), or turn it off and *know* this will break certain older binaries? Remember that if you're a distro with a million users, even if only 0.1% of them still have old binaries, you just borked 1,000 user's machines. Now compare that number to the number that will get hacked if you leave COMPAT_VDSO on (remember that the *only* thing it stops is exploits that hard-code certain addresses)
Sorry I can not agree with you. Suse 12.1 is very new/fresh distribution so I don't see any point of delivering "old" binaries with new system. Still there is an open question about 3rd party vendors applications. But if you look carefully for our discussion you will realize that other systems do not have problem with that so you are suggesting that only Suse don't have problems with clients? Additionally Suse provided in March/April patch for this issue which I pointed out in my previous posts and you can find patch and discussion about that on Suse kernel developers list: http://lists.opensuse.org/opensuse-kernel/2012-03/msg00056.html Additionally Marcus Meissner from the Suse team wrote interesting sentence about problem with 'old' binaries: "Nobody can actually point to an application that breaks." and "openSUSE 12.2 will have it disabled." Because many people are confused about this whole discussion I want to summarize: Suse 12.1 - by default has problem with mapping VDSO at fixed address (kernel compiled with enabled CONFIG_COMPAT_VDSO option) - both x86 and amd64 architectures. The newest kernel package has fix (March/April) for this problem. Ubuntu and other 64 bits systems allocate VSYSCALL at fixed memory address but this is known issue which I didn't realize so my mistake for confusing. More information about this case can be found here: https://lkml.org/lkml/2011/8/9/274 Best regards, Adam Zabrocki
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: The story of the Linux kernel 3.x..., (continued)
- Re: The story of the Linux kernel 3.x... Marcus Meissner (May 16)
- Re: The story of the Linux kernel 3.x... Adam Zabrocki (May 17)
- Re: The story of the Linux kernel 3.x... Tavis Ormandy (May 16)
- Re: The story of the Linux kernel 3.x... Dan Kaminsky (May 16)
- Re: The story of the Linux kernel 3.x... Tavis Ormandy (May 16)
- Re: The story of the Linux kernel 3.x... Adam Zabrocki (May 17)
- Re: The story of the Linux kernel 3.x... Paul Heinlein (May 16)
- Re: The story of the Linux kernel 3.x... charlie (May 17)
- Re: The story of the Linux kernel 3.x... Adam Zabrocki (May 17)
- Re: The story of the Linux kernel 3.x... Tavis Ormandy (May 16)
- Re: The story of the Linux kernel 3.x... valdis . kletnieks (May 17)
- Re: The story of the Linux kernel 3.x... Adam Zabrocki (May 18)
- Re: The story of the Linux kernel 3.x... valdis . kletnieks (May 17)