You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2008-02-11 11:23:00
- Jacek Poplawski
- Member
- From: Poland
- Registered: 2006-01-10
- Posts: 736
- Website
2.6.24.1
Will 2.6.24.1 or exploit patch be in [core] as soon as possible, or should we compile our own kernel today?
Offline
#2 2008-02-11 11:28:44
- shining
- Pacman Developer
- Registered: 2006-05-10
- Posts: 2,043
Re: 2.6.24.1
The information was already put everywhere :
http://bbs.archlinux.org/viewtopic.php?id=43701
http://archlinux.org/news/383/
http://www.archlinux.org/pipermail/arch … 16797.html
The bug is only really fixed by 2.6.24.2 , but arch package includes a pre version of that release, so it's fine.
pacman roulette : pacman -S $(pacman -Slq | LANG=C sort -R | head -n $((RANDOM % 10)))
Offline
#3 2008-02-11 12:04:38
- Jacek Poplawski
- Member
- From: Poland
- Registered: 2006-01-10
- Posts: 736
- Website
Re: 2.6.24.1
Great! Thanks.
Offline
#4 2008-02-11 17:15:53
- broch
- Banned
- From: L.A. California
- Registered: 2006-11-13
- Posts: 975
Re: 2.6.24.1
not so fast..
http://bugs.debian.org/cgi-bin/bugrepor … =464953#14
pre-2.6.24.2
hotfix seems to cause problems
there are two fixes and only the latter seems to be safe:
Just for the record: Do not use the "hotfix" named disable-vmsplice-if-
exploitable.c. The hotfix first tries to run the exploit (which would be
totally unnecessary for the actual "fix" by the way and is therefore a
very dumb thing to do), and this still leads to kernel memory corruption
which will render the system unstable. You can imagine what might come
from corrupted kernel beside a simple crash (e.g. data loss).
I don't know which is applied in Arch kernel?
Offline
#5 2008-02-11 17:47:35
- jacko
- Member
- Registered: 2007-11-23
- Posts: 840
Re: 2.6.24.1
http://cvs.archlinux.org/cgi-bin/viewcv … text/plain
Here is the patch, doesn't look like they added the disable-vmsplice-if-
exploitable.c hotfix. I do not see it listed anywhere in the patch.
Last edited by jacko (2008-02-11 17:49:17)
Offline
#6 2008-02-11 19:06:24
- shining
- Pacman Developer
- Registered: 2006-05-10
- Posts: 2,043
Re: 2.6.24.1
Uhm, this thing is not a kernel patch, it's an external program (just the exploit slightly modified to fix the issue rather than exploit it).
That's ugly, and it's not something that could have been applied to the arch kernel. It's a program you could have run manually after each boot.
The real fix is the the first change in the patch linked above by jacko.
It's very similar to the one that apparently got applied in 2.6.24.2 :
http://git.kernel.org/?p=linux/kernel/g … 42272fd063
Both are likely equivalent.
pacman roulette : pacman -S $(pacman -Slq | LANG=C sort -R | head -n $((RANDOM % 10)))
Offline
Pages: 1