3.11-final plan: unprivileged user can crash the kernel (using bluetooth rfcomm)

From: Pavel Machek
Date: Sun Sep 01 2013 - 14:51:00 EST


Hi!

> > On Sat 2013-08-31 12:14:51, Pavel Machek wrote:
> > > On Sat 2013-08-31 12:09:33, Pavel Machek wrote:
> > > > Hi!
> > > >
> > > > > . Python sources for client/server are at
> > > > >
> > > > > http://tui.cvs.sourceforge.net/viewvc/tui/tui/liveview/
> > > > >
> > > > > . My kernels like to warn about
> > > > System is debian stable with gnome2.
> > >
> > > And no, it is not fixed in 3.11-rc7.
> >
> > 2.6.32-5-686 from debian seems to work.
>
> Could you try linux-next? We recently pushed a rework of the RFCOMM tty
> handling, it should fix this. The work was too big to be pushed to 3.11

So... In 3.11 an unprivileged user can crash the kernel, but the fix is
too big, so we release it without the fix?

Somehow, I don't think that's a good idea.

Do you have an idea what is the impact? Is it crash-the-kernel or
execute-arbitrary-code?

What about:

a) marking CONFIG_RFCOMM as dangerous in the help text. I just
checked, help text makes it sound like a good thing.

(joke) b) renaming CONFIG_RFCOMM to CONFIG_LET_USER_CRASH_KERNEL

or better yet:

c) removing CONFIG_RFCOMM option in affected releases? I know
regressions are bad, but...

Multiuser desktops are not too common these days, but all the
Android cellphones are "multiuser"...

Plus note that the bug is so easy to trigger that I hit it in the first minute
trying to get a non-malicious application to run.

[3.10 seems also affected.]
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html