Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140705185159.GA6953@openwall.com>
Date: Sat, 5 Jul 2014 22:51:59 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2014-4699: Linux ptrace bug

On Sat, Jul 05, 2014 at 08:41:20PM +0200, Yves-Alexis Perez wrote:
> On sam., 2014-07-05 at 22:25 +0400, Solar Designer wrote:
> > So far, we're aware that the problem is definitely triggerable on recent
> > kernels (at least mainline and recent Ubuntu) running on Intel CPUs
> > (including in guest kernels in some VMs that run on Intel CPU hosts).
> 
> For what it's worth, we managed to reproduce the crash on Debian 3.14.9-1
> kernel (from sid), but not on the stable 3.2.57-3+deb7u2 (there's a
> double faute but no panic), on Intel CPUs.

Maybe it's just me, but I find the above ambiguous.

What exactly do you mean by "crash" and "panic" above?  How do you know
it's a double fault?  What appears in dmesg on the first system, and
what on the second system?  What's the value of the kernel.panic_on_oops
sysctl, and is it the same on both systems?

Thanks,

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.