Linux kernel patch from the Openwall Project (historical)
View the latest
README and the
FAQ
(both are also included in the archives below).
Download:
These and older versions of the patches are also
available from the Openwall file archive.
Follow this link for information on verifying the signatures.
This is a historical project.
For a related (yet very different) currently active project, see
Linux Kernel Runtime Guard instead.
Contributed resources:
February 19, 2010
Linux 2.4.37.9-ow1 is out.
The patch additionally includes a post-2.4.37.9 fix for FAT filesystems.
November 15, 2009
Linux 2.4.37.7-ow1 is out.
The 2.4.37.7 kernel fixes a number of security-related bugs.
October 25, 2009
Linux 2.4.37.6-ow1 is out.
The 2.4.37.6 kernel fixes a number of information leak vulnerabilities.
One of these was already fixed in 2.4.37.5-ow1 (see below),
and the remaining ones may or may not affect specific systems
depending on both kernel and userspace configuration.
August 3, 2009
Linux 2.4.37.4-ow1 is out.
The 2.4.37.4 kernel integrates a replacement for the "personality" hardening
measure introduced in 2.4.37.3-ow1.
July 20, 2009
Linux 2.4.37.3-ow1 is out.
The 2.4.37.3 kernel release adds the "-fno-delete-null-pointer-checks" option
to gcc invocations, which is important to reduce the impact of a class of
kernel bugs (which are yet to be found and fixed individually, but are known
to exist in general),
adds several security-relevant fixes to the RTL-8169 NIC driver, and
makes other assorted changes.
The Linux 2.4.37.3-ow1 kernel patch introduces an additional security hardening
measure where the kernel will no longer allow the "personality" feature
(which is needed to support some program binaries from other operating systems)
to be abused to bypass the vm.mmap_min_addr restriction via SUID-root programs
with a certain class of design errors in them.
Similar changes were introduced into 2.6.x kernels recently.
July 7, 2009
Linux 2.4.37.2-ow1 is out.
The 2.4.37.2 kernel release adds
several bug fixes, including security-relevant ones.
May 24, 2009
Linux 2.4.37.1-ow1 is out.
Linux 2.4.37.1, compared to 2.4.35-ow2,
adds numerous security-relevant fixes to various kernel subsystems.
Additionally, functionality of the restricted zero page mappings feature in
2.4.37.1-ow1 has been revised to apply on top of the vm.mmap_min_addr sysctl
introduced in mainstream 2.4 kernels,
and the documentation has been revised accordingly.
August 14, 2007
Linux 2.4.35-ow2 is out.
This revision adds a fix for the
parent process death signal vulnerability
in the Linux kernel discovered by Wojciech Purczynski
of COSEINC PTE Ltd. and iSEC Security Research (CVE-2007-3848).
It also adds two security hardening features, both enabled by default:
restricted access to VM86 mode (specific to 32-bit x86) and
restricted zero page mappings (generic).
August 7, 2007
Linux 2.4.35-ow1 is out.
The single known security-relevant change added with Linux 2.4.35 is
correction of the randomness pool update bug discovered by the PaX Team.
December 27, 2006
Linux 2.4.34-ow1 is out.
Linux 2.4.34 includes a number of security fixes for issues that either
have minor impact or are in subsystems that are not commonly used in ways
that would expose the security issues.
August 16, 2006
Linux 2.4.33-ow1 is out.
November 26, 2005
Linux 2.4.32-ow1 is out.
June 3, 2005
Linux 2.4.31-ow1 is out.
The changes since 2.4.30-ow3 are unimportant for most users.
May 12, 2005
Further analysis shows that on Linux 2.4.30 and above running on x86,
the impact of CAN-2005-1263 is limited to DoS.
On 2.4.x kernels older than 2.4.30 and/or on other architectures (including
x86-64), privilege escalation via this bug appears to actually be possible.
May 12, 2005
Linux 2.4.30-ow3 is out.
This version adds a fix to the
ELF core dump vulnerability (CAN-2005-1263) discovered by Paul Starzetz,
as well as a fix to an x86-64 DoS vulnerability (from Linux 2.4.31-pre1).
Linux 2.2.x starting with 2.2.21-ow2 and 2.0.x kernels are unaffected.
April 8, 2005
Linux 2.4.30-ow1 is out.
January 20, 2005
Linux 2.4.29-ow1 is out.
Linux 2.4.29, and thus 2.4.29-ow1, adds a number of security fixes,
including to the
x86/SMP page fault handler (CAN-2005-0001) and the
uselib(2) (CAN-2004-1235) race conditions,
both discovered by Paul Starzetz.
The potential of these bugs is a local root compromise.
The uselib(2) bug does not affect default builds of Linux kernels with
the Openwall patch applied since the vulnerable code is only compiled in
if one explicitly enables CONFIG_BINFMT_ELF_AOUT, an option introduced
by the patch.
August 14, 2004
Linux 2.4.27-ow1 is out.
August 4, 2004
Linux 2.4.26-ow3 is out.
This corrects the access control check in the Linux kernel
which previously wrongly allowed any local user to change the group
ownership of arbitrary NFS-exported/imported files (CAN-2004-0497)
and adds a workaround for the file offset pointer races discovered by
Paul Starzetz (CAN-2004-0415).
June 19, 2004
Linux 2.4.26-ow2 is out.
This update fixes multiple security-related bugs in the Linux kernel
(those discovered by Al Viro using "Sparse",
fsave/frstor local DoS on x86, infoleak in the e1000 driver, and some others)
as well as two non-security bugs in the patch itself.
Please refer to the
announcement
for detailed information on the changes.
April 17, 2004
Linux 2.4.26-ow1 and 2.0.40-ow1 are out.
Linux 2.4.26 (and thus 2.4.26-ow1) fixes
an integer overflow vulnerability in processing of the MCAST_MSFILTER
socket option discovered by Paul Starzetz. When properly exploited,
the bug would lead to a local root compromise. Also included in this
kernel release is a fix for the ext3/XFS information leak discovered
by Solar Designer, and a number of other relatively minor fixes.
Linux 2.0.40 (and thus 2.0.40-ow1), compared to Linux 2.0.39-ow3,
eliminates an information leak via ICMP messages.
March 1, 2004
Linux 2.2.26-ow1 is out and includes more verbose reporting of returns
onto stack.
February 21, 2004
Linux 2.2.25-ow2 is out and includes a workaround for the second mremap(2)
system call vulnerability discovered by Paul Starzetz.
It also includes the /dev/rtc information leak fix (see the news item from
January 5, below) and other minor fixes.
Upgrading of existing Linux 2.2.x installs is strongly recommended.
February 20, 2004
Linux 2.4.25-ow1 is out.
Upgrading of existing 2.4.23-ow2 and 2.4.24-ow1 installs is not strictly
required for most users as 2.4.23-ow2+ patches already included a kernel bug fix
which was later determined to be security-critical and needed to avoid
the second mremap(2) system call vulnerability discovered by Paul Starzetz
and made public two days ago.
January 8, 2004
Linux 2.4.24-ow1 is out.
Upgrading of existing 2.4.23-ow2 installs is not required.
January 5, 2004
Linux 2.4.23-ow2 adds fixes for two Linux kernel vulnerabilities.
One of the vulnerabilities, discovered by Paul Starzetz, is in incorrect
handling of a boundary case in mremap(2) system call.
When properly exploited, this vulnerability may allow any
local user and any process to execute arbitrary code with kernel
privileges and thus gain root access and bypass restrictions such as
cap-bound.
More trivial exploits of the same vulnerability result in an instant
reboot (local DoS).
This vulnerability does not affect Linux 2.2.x and older kernels.
The other vulnerability has been discovered by Russell King and results
in the real time clock drivers leaking small amounts of kernel internal
data to user-space applications via the /dev/rtc device.
Such data might be security-sensitive.
All of Linux 2.0.x, 2.2.x, and 2.4.x are affected, provided the
/dev/rtc device is readable to untrusted users (it isn't on Owl).
November 29, 2003
Linux 2.4.23 (and thus 2.4.23-ow1) includes a fix to a vulnerability
in the brk(2) system call discovered by Andrew Morton.
When properly exploited, this vulnerability may allow any local user and
any process to execute arbitrary code with kernel privileges and thus
gain root access and bypass restrictions such as cap-bound.
Linux 2.2.x and 2.0.x are not affected.
Additionally, Linux 2.4.23-ow1 makes the reporting of returns onto stack
more verbose and makes the kernel retry attempts to open the root filesystem
device if the first attempt fails.
July 6, 2003
Linux 2.4.21-ow2 adds fixes for two Linux kernel vulnerabilities
recently discovered by Paul Starzetz.
One of the vulnerabilities allows for substitution of SUID/SGID programs
on Linux 2.4.x (but not 2.2.x or 2.0.x), thereby leaking their elevated
privileges. On older Linux kernels, the impact of this vulnerability is
limited to dumping the contents of unreadable SUID/SGID programs.
The other vulnerability gives users read access to the environment
of SUID/SGID programs they run.
June 15, 2003
Linux 2.4.21 (and thus 2.4.21-ow1) adds numerous security fixes, including to
the kmod/ptrace race previously fixed in 2.2.25 and many 2.4.x-specific
vulnerabilities (ioperm(2) allowing unauthorized direct access to certain
I/O ports, O_DIRECT information leaks, excessive CPU consumption with
networking, and more).
March 20, 2003
Linux 2.2.24 and 2.2.25 (and thus 2.2.25-ow1) add a number of security fixes:
for the kmod/ptrace race, "Etherleak", and a local DoS with mmap(2) of
/proc/<pid>/mem files.
Please refer to the
Owl change log for
information on the vulnerabilities and how they affect
Owl.
November 27, 2002
Linux 2.2.22-ow2 improves the "lcall" DoS fix for the Linux kernel to
cover the NT (Nested Task) flag attack discovered by Christophe Devine.
September 10, 2002
Linux 2.2.21-ow2 includes many security fixes for issues with the Linux
kernel discovered during code reviews by Silvio Cesare, Solar Designer,
and others.
March 3, 2002
Linux 2.2.20-ow2 fixes an x86-specific vulnerability in the Linux kernel
discovered by Stephan Springl
where local users could abuse a binary compatibility interface (lcall)
to kill processes not belonging to them (including system processes).
November 3, 2001
Linux 2.2.20 adds a workaround for a vulnerability with certain packet
filter setups and
SYN cookies
where the packet filter rules could be bypassed.
Additionally, 2.2.20-ow1 moves even more of the support for combined
ELF/a.out setups (in particular, uselib(2) and its related a.out library
loaders) under the configuration option introduced with 2.2.19-ow4.
October 22, 2001
Linux 2.2.19-ow4 fixes a symbol export issue introduced with 2.2.19-ow3
and moves the support for ELF executables which use an a.out format
interpreter (dynamic linker) into a separate configuration option
(disabled by default). No upgrade from 2.2.19-ow3 is necessary.
October 18, 2001
Linux 2.2.19-ow3+ fixes two Linux kernel vulnerabilities discovered by
Rafal Wojtczuk.
Please refer to the
Owl change log for
information on the vulnerabilities and how they affect
Owl.
Of the two newly discovered vulnerabilities, Linux 2.0.39-ow3 is only affected
by the DoS.
March 26, 2001
Linux 2.2.19 is another important security update. Please upgrade
to at least 2.2.19-ow1 or 2.0.39-ow3.
1083219