Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200720112018.GA2607@openwall.com>
Date: Mon, 20 Jul 2020 13:20:18 +0200
From: Solar Designer <solar@...nwall.com>
To: lkrg-users@...ts.openwall.com
Subject: Re: kernel: BUG: unable to handle page fault for address: ffffffffab42fee7

On Mon, Jul 20, 2020 at 10:00:07AM +0200, Mikhail Morfikov wrote:
> On 20/07/2020 00.22, Solar Designer wrote:
> > 
> > What is your value of lkrg.umh_validate?  
> As I said in my previous message, this happens when the default sysctl settings
> are used:

> lkrg.umh_enforce = 1
> lkrg.umh_validate = 1

Oh, I think I understand now.  LKRG checks its known UMH program
pathnames at its initialization time and then only allows those that
were actually found on the system.  Since you don't have
/sbin/bridge-stp, LKRG doesn't allow it.  Then it also fails on trying
to block its execution because of CPA.

As a temporary workaround, you can try creating /sbin/bridge-stp as a
copy of /bin/false.

And we'll definitely need to fix LKRG to support UMH pathnames on
CPA-protected pages, and maybe reconsider it only allowing programs
that were seen at initialization (feels like unnecessary complexity).

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.