Test for CVE-2011-1020 fails 50% of the time

Bug #840002 reported by C de-Avillez
This bug affects 1 person
Affects: linux-ec2 (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

While testing linux-image-ec2 2.6.32-318.38 (see tracking bug 837804) this test seems to fail around 50% of the time.

This is an m1.large image, AMD64. Output collected:

/proc/$pid/ DAC bypass on setuid (CVE-2011-1020) ... FAIL

======================================================================
FAIL: /proc/$pid/ DAC bypass on setuid (CVE-2011-1020)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1345, in test_101_proc_fd_leaks
    self.assertShellOutputContains(bad[name], ['sudo','-u',os.environ['SUDO_USER'],"sh","-c","echo '' | ./dac-bypass.py %s" % (name)], invert=expected)
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 905, in assertShellOutputContains
    self.assertFalse(text in out, msg + result + report)
AssertionError: Got exit code 10. Looking for text "[<"
Command: 'sudo', '-u', 'ubuntu', 'sh', '-c', 'echo '' | ./dac-bypass.py stack'
Output:
(current) UNIX password: passwd: Authentication token manipulation error
passwd: password unchanged
Changing password for ubuntu.
[<ffffffffffffffff>] 0xffffffffffffffff

# RUN 2

======================================================================
FAIL: /proc/$pid/ DAC bypass on setuid (CVE-2011-1020)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1345, in test_101_proc_fd_leaks
    self.assertShellOutputContains(bad[name], ['sudo','-u',os.environ['SUDO_USER'],"sh","-c","echo '' | ./dac-bypass.py %s" % (name)], invert=expected)
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 905, in assertShellOutputContains
    self.assertFalse(text in out, msg + result + report)
AssertionError: Got exit code 10. Looking for text "[<"
Command: 'sudo', '-u', 'ubuntu', 'sh', '-c', 'echo '' | ./dac-bypass.py stack'
Output:
(current) UNIX password: passwd: Authentication token manipulation error
passwd: password unchanged
Changing password for ubuntu.
[<ffffffff8110054c>] do_select+0x58c/0x6d0
[<ffffffff81100e65>] core_sys_select+0x185/0x2b0
[<ffffffff811011e2>] sys_select+0x42/0x110
[<ffffffff81009bb8>] system_call_fastpath+0x16/0x1b
[<ffffffffffffffff>] 0xffffffffffffffff

[<ffffffff810ffc34>] poll_schedule_timeout+0x34/0x50
[<ffffffff8110054c>] do_select+0x58c/0x6d0
[<ffffffff81100e65>] core_sys_select+0x185/0x2b0
[<ffffffff811011e2>] sys_select+0x42/0x110
[<ffffffff81009bb8>] system_call_fastpath+0x16/0x1b
[<ffffffffffffffff>] 0xffffffffffffffff

[<ffffffffffffffff>] 0xffffffffffffffff

----------------------------------------------------------------------

# RUN 4

======================================================================
FAIL: /proc/$pid/ DAC bypass on setuid (CVE-2011-1020)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1345, in test_101_proc_fd_leaks
    self.assertShellOutputContains(bad[name], ['sudo','-u',os.environ['SUDO_USER'],"sh","-c","echo '' | ./dac-bypass.py %s" % (name)], invert=expected)
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 905, in assertShellOutputContains
    self.assertFalse(text in out, msg + result + report)
AssertionError: Got exit code 10. Looking for text "[<"
Command: 'sudo', '-u', 'ubuntu', 'sh', '-c', 'echo '' | ./dac-bypass.py stack'
Output:
(current) UNIX password: passwd: Authentication token manipulation error
passwd: password unchanged
Changing password for ubuntu.
[<ffffffff810ffc34>] poll_schedule_timeout+0x34/0x50
[<ffffffff8110054c>] do_select+0x58c/0x6d0
[<ffffffff81100ec7>] core_sys_select+0x1e7/0x2b0
[<ffffffff811011f4>] sys_select+0x54/0x110
[<ffffffff81009bb8>] system_call_fastpath+0x16/0x1b
[<ffffffffffffffff>] 0xffffffffffffffff

# RUN 8

----------------------------------------------------------------------

======================================================================
FAIL: /proc/$pid/ DAC bypass on setuid (CVE-2011-1020)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1345, in test_101_proc_fd_leaks
    self.assertShellOutputContains(bad[name], ['sudo','-u',os.environ['SUDO_USER'],"sh","-c","echo '' | ./dac-bypass.py %s" % (name)], invert=expected)
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 905, in assertShellOutputContains
    self.assertFalse(text in out, msg + result + report)
AssertionError: Got exit code 10. Looking for text "[<"
Command: 'sudo', '-u', 'ubuntu', 'sh', '-c', 'echo '' | ./dac-bypass.py stack'
Output:
(current) UNIX password: passwd: Authentication token manipulation error
passwd: password unchanged
Changing password for ubuntu.
[<ffffffffffffffff>] 0xffffffffffffffff

----------------------------------------------------------------------

# RUN 9

======================================================================
FAIL: /proc/$pid/ DAC bypass on setuid (CVE-2011-1020)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1345, in test_101_proc_fd_leaks
    self.assertShellOutputContains(bad[name], ['sudo','-u',os.environ['SUDO_USER'],"sh","-c","echo '' | ./dac-bypass.py %s" % (name)], invert=expected)
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 905, in assertShellOutputContains
    self.assertFalse(text in out, msg + result + report)
AssertionError: Got exit code 10. Looking for text "[<"
Command: 'sudo', '-u', 'ubuntu', 'sh', '-c', 'echo '' | ./dac-bypass.py stack'
Output:
(current) UNIX password: passwd: Authentication token manipulation error
passwd: password unchanged
Changing password for ubuntu.
[<ffffffffffffffff>] 0xffffffffffffffff

----------------------------------------------------------------------

# RUN 10

======================================================================
FAIL: /proc/$pid/ DAC bypass on setuid (CVE-2011-1020)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1345, in test_101_proc_fd_leaks
    self.assertShellOutputContains(bad[name], ['sudo','-u',os.environ['SUDO_USER'],"sh","-c","echo '' | ./dac-bypass.py %s" % (name)], invert=expected)
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 905, in assertShellOutputContains
    self.assertFalse(text in out, msg + result + report)
AssertionError: Got exit code 10. Looking for text "[<"
Command: 'sudo', '-u', 'ubuntu', 'sh', '-c', 'echo '' | ./dac-bypass.py stack'
Output:
(current) UNIX password: passwd: Authentication token manipulation error
passwd: password unchanged
Changing password for ubuntu.
[<ffffffff810ffc34>] poll_schedule_timeout+0x34/0x50
[<ffffffff8110054c>] do_select+0x58c/0x6d0
[<ffffffff810ea8f6>] mem_cgroup_charge_common+0x76/0xa0
[<ffffffffffffffff>] 0xffffffffffffffff

----------------------------------------------------------------------

#

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: linux-image-2.6.32-318-ec2 2.6.32-318.38
ProcVersionSignature: User Name 2.6.32-318.38-ec2 2.6.32.44+drm33.19
Uname: Linux 2.6.32-318-ec2 x86_64
Architecture: amd64
Date: Fri Sep 2 23:35:41 2011
Ec2AMI: ami-a3a764ca
Ec2AMIManifest: ubuntu-images-testing-us/ubuntu-lucid-daily-amd64-server-20110902.manifest.xml
Ec2AvailabilityZone: us-east-1d
Ec2InstanceType: m1.large
Ec2Kernel: aki-427d952b
Ec2Ramdisk: unavailable
ProcEnviron:
 LC_TIME=en_DK.utf8
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: linux-ec2
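
An added example, not part of the original report or of the QRT test suite: the assertion fails on any output containing "[<", but the captured runs differ in what they actually print. The sketch below separates output that holds only the all-ones line from output that holds resolved kernel frames; treating `ffffffffffffffff` as an end-of-trace marker is an assumption, and the function names are hypothetical.

```python
import re

# Frame line format of /proc/<pid>/stack as it appears in the report.
FRAME_RE = re.compile(r"^\[<([0-9a-f]{16})>\]\s+(\S+)$")
# Assumption: the all-ones address marks end-of-trace, not a kernel text address.
SENTINEL = 0xFFFFFFFFFFFFFFFF

# Output copied from the first failure and from the one under "# RUN 4".
SENTINEL_ONLY = """(current) UNIX password: passwd: Authentication token manipulation error
passwd: password unchanged
Changing password for ubuntu.
[<ffffffffffffffff>] 0xffffffffffffffff
"""
WITH_FRAMES = """(current) UNIX password: passwd: Authentication token manipulation error
passwd: password unchanged
Changing password for ubuntu.
[<ffffffff810ffc34>] poll_schedule_timeout+0x34/0x50
[<ffffffff8110054c>] do_select+0x58c/0x6d0
[<ffffffff81100ec7>] core_sys_select+0x1e7/0x2b0
[<ffffffff811011f4>] sys_select+0x54/0x110
[<ffffffff81009bb8>] system_call_fastpath+0x16/0x1b
[<ffffffffffffffff>] 0xffffffffffffffff
"""

def parse_frames(output):
    """Return (address, symbol) for every stack-frame line in captured output."""
    frames = []
    for line in output.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((int(m.group(1), 16), m.group(2)))
    return frames

def classify(output):
    """'no-frames', 'sentinel-only', or 'kernel-frames' for one captured run."""
    frames = parse_frames(output)
    if not frames:
        return "no-frames"
    resolved = [f for f in frames if f[0] != SENTINEL]
    return "kernel-frames" if resolved else "sentinel-only"

def leaked_symbols(output):
    """Distinct kernel function names (offsets stripped), in order of appearance."""
    names = []
    for addr, sym in parse_frames(output):
        name = sym.split("+", 1)[0]
        if addr != SENTINEL and name not in names:
            names.append(name)
    return names

if __name__ == "__main__":
    for label, out in (("first run", SENTINEL_ONLY), ("RUN 4", WITH_FRAMES)):
        print(label, classify(out), leaked_symbols(out))
```

Applied to the six failures quoted above, the first one and those under RUN 8 and RUN 9 classify as sentinel-only, while those under RUN 2, RUN 4 and RUN 10 contain resolved kernel frames.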

C de-Avillez (hggdh2) wrote :
dino99 (9d9) wrote :

Closing that outdated report as EOL has been reached a long time ago.

Changed in linux-ec2 (Ubuntu):
status: New → Invalid