WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 

xen-users

Re: [Xen-users] patch for kernel exploit?

To: Stephan Seitz <s.seitz@xxxxxxxxxxxx>
Subject: Re: [Xen-users] patch for kernel exploit?
From: Zoltan HERPAI <wigyori@xxxxxxx>
Date: Mon, 11 Feb 2008 11:35:19 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 11 Feb 2008 02:35:30 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <47B02196.9030808@xxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <47B0191E.3050807@xxxxxxx> <47B02196.9030808@xxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.6 (X11/20071008)
Stephan Seitz wrote:
> Zoltan HERPAI wrote:
>> Hi,
>>
>> As most of you probably already know, a local root exploit was released yesterday which affects kernels from 2.6.17 to 2.6.24.1. Is there an official patch for dom0 and domU kernels, or can the backport of the official kernel patch be used on these kernels?
>
> Hi, thanks for the reminder about this exploit. As far as I can see, there's no
> kernel patch available at all. The GIT repository also shows no real
> solution.
> Do you have any suggestions on how to fix this issue _now_?
Hi,

For kernels around 2.6.22, backporting of the 2.6.24.1->2.6.24.2 diff will work, so this could be used for people who use 2.6.23.x and up for domU. For kernels around 2.6.18 or for which the official fix does not apply, I was told a short while ago that a "return -ENOSYS;" in fs/splice.c sys_vmsplice() might work as "nothing uses it", but I have yet to check it on my boxes.

Regards,
Zoltan HERPAI


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
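
The following is an added example, not part of the original message and not Xen or kernel project code: a small C check that a dom0 or domU administrator could run to see whether the running kernel's version falls in the range named in the thread (2.6.17 to 2.6.24.1) and whether the `return -ENOSYS;` stub discussed above is in effect. The function names are hypothetical, and the probe assumes a Linux system where `SYS_vmsplice` is defined.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/utsname.h>
#include <unistd.h>

/* Return 1 if a release string such as "2.6.18-xen" lies in the range the
 * thread names (2.6.17 through 2.6.24.1), 0 if outside, -1 if unparsable. */
int in_reported_range(const char *release)
{
    int a = 0, b = 0, c = 0, d = 0;
    int n = sscanf(release, "%d.%d.%d.%d", &a, &b, &c, &d);
    if (n < 3)
        return -1;
    if (n < 4)
        d = 0;                      /* "2.6.24" is treated as 2.6.24.0 */
    if (a != 2 || b != 6)
        return 0;
    if (c >= 17 && c <= 23)
        return 1;
    return c == 24 && d <= 1;
}

/* Return 1 if vmsplice() answers ENOSYS (stubbed out, or blocked by a
 * syscall filter), 0 if the kernel still implements it. The call uses an
 * invalid fd and zero segments, so nothing is ever spliced. */
int vmsplice_disabled(void)
{
#ifdef SYS_vmsplice
    errno = 0;
    long r = syscall(SYS_vmsplice, -1, (void *)0, 0UL, 0U);
    return r == -1 && errno == ENOSYS;
#else
    return 1;                       /* no such syscall on this architecture */
#endif
}

int main(void)
{
    struct utsname u;
    if (uname(&u) != 0) { perror("uname"); return 2; }
    int ranged = in_reported_range(u.release);
    int off = vmsplice_disabled();
    printf("kernel %s: %s the reported range, vmsplice %s\n", u.release,
           ranged == 1 ? "inside" : "outside or unknown for",
           off ? "returns ENOSYS" : "is implemented");
    return (ranged == 1 && !off) ? 1 : 0;   /* exit 1: needs attention */
}
```

The version string is only a hint: a kernel carrying the backported 2.6.24.1->2.6.24.2 diff still reports its original release, so an "inside the range" result means the patch level has to be confirmed separately.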
