SKayser Posted October 21, 2016 Posted October 21, 2016 Hello,I attempted to port the dirty COW fix (https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619) for 3.4.112, and came up with this: https://github.com/SvenKayser/Sambooca-Kernel-H3/commit/543472582a6adcef12fae4ad11da72a62f29fb74.patch Apparently it solves the issue, but to be sure maybe some of you guys can give it a test. If it checks out please do commit it in the right places for Armbian - which I wouldn't know (Armbian has so many kernel patch folders, I don't wanna mess things up)RegardsSven 2
moondeck Posted October 21, 2016 Posted October 21, 2016 I can confirm this fixes the issue, using my own Debian image that uses Sven's kernel by default. The file that was being modified remains the same after running the exploit. Good job! -Olgierd 1
SKayser Posted October 21, 2016 Author Posted October 21, 2016 Dug this up in the 3.2 tree. I'm pretty sure this would also work with 3.4. Didn't test it tho. https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=243f858d7045b710a31c377112578387ead4dde1
Igor Posted October 22, 2016 Posted October 22, 2016 Yes, it looks like we got them all Thanks for assistance.
Igor Posted October 22, 2016 Posted October 22, 2016 Rebuilding Armbian = up to 10 hours ... I am doing some other urgent fixes on the way. Pine64 patch needs some adjustments and few checks, testing repository is currently building and if things goes well it will be pushed to main repository. If this would be only one kernel with only this change ... it would be already done. Problems in yesterday build: http://beta.armbian.com/buildlogs/
rokus Posted November 27, 2016 Posted November 27, 2016 Do I understand correctly: The image I find in linux-image-sun8i_5.23_armhf.deb (timestamp 23rd Oct) contains the kernel image with the Dirty Cow patch? I still get 3.4.112 as new kernel version. Was this a "silent patch", without increasing the version number? PS: Thanks for your work! Without the Armbian Project I could not even remotely hope to find fixes for such vulnerabilities.
Igor Posted November 27, 2016 Posted November 27, 2016 If you did apt-get update and apt-get upgrade, you have nothing to worry Thanks.
Recommended Posts