Re: [gentoo-user] Dirty COW bug

2016-10-22 Thread Nils Freydank
On Fri, Oct 21, 2016 at 13:39:54 CEST wrote Rich Freeman: > On Fri, Oct 21, 2016 at 12:22 PM, Alexander Kapshuk > [...] > > So, if you're staying in the same kernel series (4.4) you should just > be able to run make oldconfig and that's it. You can take a look but > I'd be shocked if you're eithe

Re: [gentoo-user] Dirty COW bug

2016-10-22 Thread Rich Freeman
On Sat, Oct 22, 2016 at 4:04 AM, J. Roeleveld wrote: > On Friday, October 21, 2016 11:04:19 AM Rich Freeman wrote: >> On Fri, Oct 21, 2016 at 10:49 AM, Mick wrote: >> > https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails >> > >> > Are we patched? I'm running 4.4.21-gentoo >>

Re: [gentoo-user] Dirty COW bug

2016-10-22 Thread J. Roeleveld
On Friday, October 21, 2016 11:04:19 AM Rich Freeman wrote: > On Fri, Oct 21, 2016 at 10:49 AM, Mick wrote: > > https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails > > > > Are we patched? I'm running 4.4.21-gentoo > > Not yet: > https://bugs.gentoo.org/show_bug.cgi?id=59762

Re: [gentoo-user] Dirty COW bug

2016-10-21 Thread Rich Freeman
On Fri, Oct 21, 2016 at 2:02 PM, Mick wrote: > > I haven't looked into exploits for this. At a practical level, what will it > take to compromise a PC? > You need to be able to run arbitrary code as a non-privileged user that has read-access to a file whose modification would allow elevation of

Re: [gentoo-user] Dirty COW bug

2016-10-21 Thread Mick
On Friday 21 Oct 2016 13:39:54 Rich Freeman wrote: > On Fri, Oct 21, 2016 at 12:22 PM, Alexander Kapshuk > > wrote: > > On Fri, Oct 21, 2016 at 6:42 PM, Andy Mender wrote: > >> Would a Gentoo .config work with the upstream "vanilla" 4.4.26 kernel? > >> I know Gentoo does some patching to the up

Re: [gentoo-user] Dirty COW bug

2016-10-21 Thread Rich Freeman
On Fri, Oct 21, 2016 at 12:22 PM, Alexander Kapshuk wrote: > On Fri, Oct 21, 2016 at 6:42 PM, Andy Mender wrote: > >> Would a Gentoo .config work with the upstream "vanilla" 4.4.26 kernel? >> I know Gentoo does some patching to the upstream sources and menuconfig has >> additional features there

Re: [gentoo-user] Dirty COW bug

2016-10-21 Thread Alexander Kapshuk
On Fri, Oct 21, 2016 at 6:42 PM, Andy Mender wrote: > On 21 October 2016 at 17:04, Rich Freeman wrote: >> >> On Fri, Oct 21, 2016 at 10:49 AM, Mick wrote: >> > https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails >> > >> > Are we patched? I'm running 4.4.21-gentoo >> > >> >>

Re: [gentoo-user] Dirty COW bug

2016-10-21 Thread Andy Mender
On 21 October 2016 at 17:04, Rich Freeman wrote: > On Fri, Oct 21, 2016 at 10:49 AM, Mick wrote: > > https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails > > > > Are we patched? I'm running 4.4.21-gentoo > > > > Not yet: > https://bugs.gentoo.org/show_bug.cgi?id=597624 > > Y

Re: [gentoo-user] Dirty COW bug

2016-10-21 Thread Rich Freeman
On Fri, Oct 21, 2016 at 10:49 AM, Mick wrote: > https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails > > Are we patched? I'm running 4.4.21-gentoo > Not yet: https://bugs.gentoo.org/show_bug.cgi?id=597624 You're probably going to want to update to 4.4.26. It has been releas

[gentoo-user] Dirty COW bug

2016-10-21 Thread Mick
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails Are we patched? I'm running 4.4.21-gentoo -- Regards, Mick signature.asc Description: This is a digitally signed message part.