SKayser Posted October 21, 2016 Share Posted October 21, 2016 Hello,I attempted to port the dirty COW fix (https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619) for 3.4.112, and came up with this: https://github.com/SvenKayser/Sambooca-Kernel-H3/commit/543472582a6adcef12fae4ad11da72a62f29fb74.patch Apparently it solves the issue, but to be sure maybe some of you guys can give it a test. If it checks out please do commit it in the right places for Armbian - which I wouldn't know (Armbian has so many kernel patch folders, I don't wanna mess things up)RegardsSven 2 Link to comment Share on other sites More sharing options...
moondeck Posted October 21, 2016 Share Posted October 21, 2016 I can confirm this fixes the issue, using my own Debian image that uses Sven's kernel by default. The file that was being modified remains the same after running the exploit. Good job! -Olgierd 1 Link to comment Share on other sites More sharing options...
SKayser Posted October 21, 2016 Author Share Posted October 21, 2016 Dug this up in the 3.2 tree. I'm pretty sure this would also work with 3.4. Didn't test it tho. https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=243f858d7045b710a31c377112578387ead4dde1 Link to comment Share on other sites More sharing options...
Igor Posted October 22, 2016 Share Posted October 22, 2016 Yes, it looks like we got them all Thanks for assistance. Link to comment Share on other sites More sharing options...
moondeck Posted October 22, 2016 Share Posted October 22, 2016 So, is it available in armbian now? Link to comment Share on other sites More sharing options...
Igor Posted October 22, 2016 Share Posted October 22, 2016 Rebuilding Armbian = up to 10 hours ... I am doing some other urgent fixes on the way. Pine64 patch needs some adjustments and few checks, testing repository is currently building and if things goes well it will be pushed to main repository. If this would be only one kernel with only this change ... it would be already done. Problems in yesterday build: http://beta.armbian.com/buildlogs/ Link to comment Share on other sites More sharing options...
rokus Posted November 27, 2016 Share Posted November 27, 2016 Do I understand correctly: The image I find in linux-image-sun8i_5.23_armhf.deb (timestamp 23rd Oct) contains the kernel image with the Dirty Cow patch? I still get 3.4.112 as new kernel version. Was this a "silent patch", without increasing the version number? PS: Thanks for your work! Without the Armbian Project I could not even remotely hope to find fixes for such vulnerabilities. Link to comment Share on other sites More sharing options...
Igor Posted November 27, 2016 Share Posted November 27, 2016 If you did apt-get update and apt-get upgrade, you have nothing to worry Thanks. Link to comment Share on other sites More sharing options...
Recommended Posts