Activity log for bug #1683505

Date Who What changed Old value New value Message
2017-04-17 21:20:54 Leann Ogasawara bug added bug
2017-04-17 21:21:35 Leann Ogasawara nominated for series Ubuntu Yakkety
2017-04-17 21:21:35 Leann Ogasawara bug task added linux-raspi2 (Ubuntu Yakkety)
2017-04-17 21:21:35 Leann Ogasawara nominated for series Ubuntu Zesty
2017-04-17 21:21:35 Leann Ogasawara bug task added linux-raspi2 (Ubuntu Zesty)
2017-04-17 21:21:35 Leann Ogasawara nominated for series Ubuntu Xenial
2017-04-17 21:21:35 Leann Ogasawara bug task added linux-raspi2 (Ubuntu Xenial)
2017-04-18 17:20:16 Leann Ogasawara description Kees Cook is requesting the following be enabled for our Raspi2/3 enabled kernel: config CPU_SW_DOMAIN_PAN bool "Enable use of CPU domains to implement privileged no-access" depends on MMU && !ARM_LPAE default y help Increase kernel security by ensuring that normal kernel accesses are unable to access userspace addresses. This can help prevent use-after-free bugs becoming an exploitable privilege escalation by ensuring that magic values (such as LIST_POISON) will always fault when dereferenced. CPUs with low-vector mappings use a best-efforts implementation. Their lower 1MB needs to remain accessible for the vectors, but the remainder of userspace will become appropriately inaccessible. Kees Cook is requesting the following be enabled for our Raspi2/3 enabled kernel: config CPU_SW_DOMAIN_PAN         bool "Enable use of CPU domains to implement privileged no-access"         depends on MMU && !ARM_LPAE         default y         help           Increase kernel security by ensuring that normal kernel accesses           are unable to access userspace addresses. This can help prevent           use-after-free bugs becoming an exploitable privilege escalation           by ensuring that magic values (such as LIST_POISON) will always           fault when dereferenced.           CPUs with low-vector mappings use a best-efforts implementation.           Their lower 1MB needs to remain accessible for the vectors, but           the remainder of userspace will become appropriately inaccessible. Similarly, Kees noted that all the configs from ubuntu's 4.8 new defaults seem to be missing for raspi2/3. e.g.: CONFIG_HARDENED_USERCOPY=y CONFIG_SLAB_FREELIST_RANDOM=y CONFIG_DEBUG_LIST=y CONFIG_DEBUG_CREDENTIALS=y I suspect what actually needs to happen is a full config review comparison for our linux-raspi2 kernel.
2017-04-18 17:23:36 Leann Ogasawara description Kees Cook is requesting the following be enabled for our Raspi2/3 enabled kernel: config CPU_SW_DOMAIN_PAN         bool "Enable use of CPU domains to implement privileged no-access"         depends on MMU && !ARM_LPAE         default y         help           Increase kernel security by ensuring that normal kernel accesses           are unable to access userspace addresses. This can help prevent           use-after-free bugs becoming an exploitable privilege escalation           by ensuring that magic values (such as LIST_POISON) will always           fault when dereferenced.           CPUs with low-vector mappings use a best-efforts implementation.           Their lower 1MB needs to remain accessible for the vectors, but           the remainder of userspace will become appropriately inaccessible. Similarly, Kees noted that all the configs from ubuntu's 4.8 new defaults seem to be missing for raspi2/3. e.g.: CONFIG_HARDENED_USERCOPY=y CONFIG_SLAB_FREELIST_RANDOM=y CONFIG_DEBUG_LIST=y CONFIG_DEBUG_CREDENTIALS=y I suspect what actually needs to happen is a full config review comparison for our linux-raspi2 kernel. Kees Cook is requesting the following be enabled for our Raspi2/3 enabled kernel: config CPU_SW_DOMAIN_PAN         bool "Enable use of CPU domains to implement privileged no-access"         depends on MMU && !ARM_LPAE         default y         help           Increase kernel security by ensuring that normal kernel accesses           are unable to access userspace addresses. This can help prevent           use-after-free bugs becoming an exploitable privilege escalation           by ensuring that magic values (such as LIST_POISON) will always           fault when dereferenced.           CPUs with low-vector mappings use a best-efforts implementation.           Their lower 1MB needs to remain accessible for the vectors, but           the remainder of userspace will become appropriately inaccessible. Similarly, Kees noted that all the configs from ubuntu's 4.8 new defaults seem to be missing for raspi2/3. e.g.: CONFIG_HARDENED_USERCOPY=y CONFIG_SLAB_FREELIST_RANDOM=y CONFIG_DEBUG_LIST=y CONFIG_DEBUG_CREDENTIALS=y Kees also noted that it may ust be armhf/arm64 issue with the config.common.ubuntu being out of sync because fixing that solved his missing configs. I suspect what actually needs to happen is a full config review comparison for our linux-raspi2 kernel.
2017-05-17 16:20:24 Kleber Sacilotto de Souza linux-raspi2 (Ubuntu Xenial): status New Fix Committed
2017-06-06 13:18:14 Kleber Sacilotto de Souza tags verification-done-xenial
2017-06-06 15:06:27 Launchpad Janitor linux-raspi2 (Ubuntu Xenial): status Fix Committed Fix Released
2017-06-06 15:06:27 Launchpad Janitor cve linked 2017-0605
2017-06-30 09:55:43 Juerg Haefliger linux-raspi2 (Ubuntu Yakkety): status New Fix Committed
2017-06-30 09:55:48 Juerg Haefliger linux-raspi2 (Ubuntu Zesty): status New Fix Committed