Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAL6HQvHDika0NmatJLfHLDE2hnb44o7s-W-EscFPvgt2yXmamw@mail.gmail.com>
Date: Thu, 10 Sep 2020 00:30:40 +0200
From: Kai Lüke <kai@...volk.io>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2020-14386: Linux kernel: af_packet.c vulnerability

Hello,

here are some words on whether related issues to CVE-2020-14386 could
exist in similar software.

There are of course forks of Linux which get updates slower or not
at all. The Android mainline branch at least has the fix already.
In case of µClinux I found trees that are kept on old versions with no
plans to update to newer major versions (for example, the GitHub
project EmcraftSystems/linux-emcraft is on 2.6.33).

Implementations of the Linux syscall ABI are getting more common.
I didn't test the Windows WSL and WSL2 situation. For WSL I don't
know if they implement support for RAW sockets and for WSL2 it
likely means that the virtualized Linux kernel crashes. However,
I tried to reproduce the bug with gVisor and FreeBSD.

With gVisor and the default Go network stack it was not possible to
open the RAW socket inside the runsc sandbox and a permission error
was reported. This error went away when using the Linux host network
stack and resulted in the new error
"Address family not supported by protocol" which suggests that support
for RAW sockets is not implemented but I didn't confirm it in the
source code. I think that non-race memory corruptions are rare in Go.

On FreeBSD and the Linux binary compatibility mode enabled I also got
"Address family not supported by protocol" but here as well I didn't
consult the source code to confirm that support for RAW sockets is
indeed not implemented. I don't know if a native feature like
PACKET_RESERVE exists.

Regards,
Kai



-- 
Kinvolk GmbH | Adalbertstr.6a, 10999 Berlin | tel: +491755589364

Geschäftsführer/Directors: Alban Crequy, Chris Kühl, Iago López Galeiras

Registergericht/Court of registration: Amtsgericht Charlottenburg

Registernummer/Registration number: HRB 171414 B

Ust-ID-Nummer/VAT ID number: DE302207000

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.