Ubuntu
linux-lts-saucy package

  1. Raring (13.04)
  2. Bug #1259570
  3. Activity log

Activity log for bug #1259570

Date Who What changed Old value New value Message
2013-12-10 14:20:46 Philipp Kern bug added bug
2013-12-10 14:21:04 Philipp Kern information type Private Security Public Security
2013-12-10 14:30:09 Brad Figg linux (Ubuntu): status New Incomplete
2013-12-10 14:33:41 Margarita Manterola linux (Ubuntu): status Incomplete Confirmed
2013-12-10 14:35:10 Margarita Manterola description To enable kexec makes sense for a generic distro kernel. But if your users have root and you want to make it hard for them to run code in ring 0, you commonly disable further module loading and you also want to disable kexec[1]. Kees Cook wrote up a patch[2] that we'd like to see applied to the Ubuntu kernel to avoid recompilation of the distro kernel. I'm marking this as a security issue on the ground that it's quite surprising that setting kernel.modules_disabled=1 as a hardening feature can be subverted by using kexec. [1] http://mjg59.dreamwidth.org/28746.html [2] https://lkml.org/lkml/2013/12/9/765 To enable kexec makes sense for a generic distro kernel. But if your users have root in their virtual machines, and you want to make it hard for them to run code in ring 0, you commonly disable further module loading and you also want to disable kexec[1]. Kees Cook wrote up a patch[2] that we'd like to see applied to the Ubuntu kernel to avoid recompilation of the distro kernel. I'm marking this as a security issue on the ground that it's quite surprising that setting kernel.modules_disabled=1 as a hardening feature can be subverted by using kexec. [1] http://mjg59.dreamwidth.org/28746.html [2] https://lkml.org/lkml/2013/12/9/765
2013-12-10 14:37:29 Margarita Manterola bug added subscriber Goobuntu Team
2013-12-10 14:52:15 Marc Deslauriers linux (Ubuntu): assignee Tyler Hicks (tyhicks)
2013-12-10 14:52:29 Marc Deslauriers tags rls-t-incoming
2013-12-10 14:55:25 Marc Deslauriers bug added subscriber Marc Deslauriers
2013-12-10 17:49:48 Joseph Salisbury linux (Ubuntu): importance Undecided Medium
2013-12-10 17:49:54 Joseph Salisbury tags rls-t-incoming rls-t-incoming trusty
2013-12-11 15:39:58 Kees Cook bug added subscriber Kees Cook
2013-12-11 18:08:07 Mark Russell bug added subscriber Canonical Support
2013-12-11 18:35:11 Marc Deslauriers nominated for series Ubuntu Precise
2013-12-11 18:35:11 Marc Deslauriers bug task added linux (Ubuntu Precise)
2013-12-11 18:35:11 Marc Deslauriers nominated for series Ubuntu Quantal
2013-12-11 18:35:11 Marc Deslauriers bug task added linux (Ubuntu Quantal)
2013-12-11 18:35:11 Marc Deslauriers nominated for series Ubuntu Trusty
2013-12-11 18:35:11 Marc Deslauriers bug task added linux (Ubuntu Trusty)
2013-12-11 18:35:11 Marc Deslauriers nominated for series Ubuntu Raring
2013-12-11 18:35:11 Marc Deslauriers bug task added linux (Ubuntu Raring)
2013-12-11 18:35:11 Marc Deslauriers nominated for series Ubuntu Saucy
2013-12-11 18:35:11 Marc Deslauriers bug task added linux (Ubuntu Saucy)
2013-12-11 18:35:27 Marc Deslauriers linux (Ubuntu Precise): status New Confirmed
2013-12-11 18:35:30 Marc Deslauriers linux (Ubuntu Precise): importance Undecided Medium
2013-12-11 18:35:36 Marc Deslauriers linux (Ubuntu Precise): assignee Tyler Hicks (tyhicks)
2014-02-07 13:56:53 Andy Whitcroft linux (Ubuntu Trusty): assignee Tyler Hicks (tyhicks) Andy Whitcroft (apw)
2014-02-07 13:56:56 Andy Whitcroft linux (Ubuntu Trusty): status Confirmed Fix Committed
2014-02-07 14:39:36 Andy Whitcroft linux (Ubuntu Precise): assignee Tyler Hicks (tyhicks)
2014-02-07 14:39:48 Andy Whitcroft linux (Ubuntu Precise): status Confirmed New
2014-02-07 16:29:32 Andy Whitcroft linux (Ubuntu Precise): status New Won't Fix
2014-02-07 16:29:35 Andy Whitcroft linux (Ubuntu Quantal): status New Won't Fix
2014-02-07 16:29:38 Andy Whitcroft linux (Ubuntu Raring): status New Won't Fix
2014-02-07 16:29:51 Andy Whitcroft linux (Ubuntu Saucy): status New In Progress
2014-02-07 16:29:54 Andy Whitcroft linux (Ubuntu Saucy): importance Undecided Medium
2014-02-07 16:29:57 Andy Whitcroft linux (Ubuntu Saucy): assignee Andy Whitcroft (apw)
2014-02-07 16:30:07 Andy Whitcroft bug task added linux-lts-saucy (Ubuntu)
2014-02-07 16:32:21 Andy Whitcroft linux-lts-saucy (Ubuntu Quantal): status New Invalid
2014-02-07 16:32:25 Andy Whitcroft linux-lts-saucy (Ubuntu Trusty): status New Invalid
2014-02-07 16:34:14 Andy Whitcroft linux-lts-saucy (Ubuntu Raring): status New Invalid
2014-02-07 16:34:19 Andy Whitcroft linux-lts-saucy (Ubuntu Saucy): status New Invalid
2014-02-07 16:34:23 Andy Whitcroft linux (Ubuntu Raring): status Won't Fix Invalid
2014-02-07 16:34:38 Andy Whitcroft linux-lts-saucy (Ubuntu Precise): status New In Progress
2014-02-07 16:34:38 Andy Whitcroft linux-lts-saucy (Ubuntu Precise): assignee Andy Whitcroft (apw)
2014-02-07 16:35:31 Andy Whitcroft linux-lts-saucy (Ubuntu Precise): assignee Andy Whitcroft (apw)
2014-02-10 09:59:19 Andy Whitcroft linux (Ubuntu Saucy): status In Progress Fix Committed
2014-02-10 09:59:38 Andy Whitcroft linux-lts-saucy (Ubuntu Precise): status In Progress Fix Committed
2014-02-13 00:00:01 Launchpad Janitor linux (Ubuntu Trusty): status Fix Committed Fix Released
2014-02-13 00:00:01 Launchpad Janitor cve linked 2014-1874
2014-02-24 15:27:42 Brad Figg tags rls-t-incoming trusty rls-t-incoming trusty verification-needed-saucy
2014-02-24 17:37:44 Philipp Kern tags rls-t-incoming trusty verification-needed-saucy rls-t-incoming trusty verification-done-saucy
2014-03-06 16:05:20 Launchpad Janitor linux-lts-saucy (Ubuntu Precise): status Fix Committed Fix Released
2014-03-06 16:17:41 Launchpad Janitor linux (Ubuntu Saucy): status Fix Committed Fix Released