From: Richard Palethorpe <rpalethorpe@suse.com>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH 0/1] uname26 exploit regression test
Date: Fri, 17 Feb 2017 11:36:53 +0100
Message-ID: <20170217113653.595ce1b4@linux-v3j5>

Hi,

I have essentially rewritten the following exploit to be used in the LTP:
https://www.exploit-db.com/exploits/37937/ (Metan's idea AFAIK). There are
some issues which I came across while doing this, even though it is quite an
easy exploit to recreate.

1) How should we organise the exploit tests? I see Metan has added dirtyc0w
   under that name in its own folder. Not all exploits have a fancy or unique
   name however. I have just named the uname exploit with its CVE name and put
   it in a new uname folder, but I'm not sure that is the best way either.

2) What is the appropriate runtest file for security tests? I think they
   should be separated from functional tests.

3) The exploit code from the link is licensed under GPLv3. Although I rewrote
   the LTP test from scratch, the fact I saw the exploit code raises the
   question of whether my test is a derivative work. The easiest thing to do
   would be to attribute the exploit code author and simply state that the
   test is an adaptation, but then I believe the test would need to be GPLv3.
   Of course, I can just ask the author to relicense the original under GPLv2,
   but let's assume they don't consent or can't be contacted.

4) This is maybe a question for a security/kernel mailing list, but which
   exploits are most likely to be reintroduced to the kernel? I am not sure
   that this exploit is at high risk of being reintroduced. At least not into
   mainline or any of the major distro branches.

Thank you,
Richard.

Richard Palethorpe (1):
  security: Test for uname26 exploit cve-2012-0957

 testcases/kernel/security/uname/.gitignore      |  1 +
 testcases/kernel/security/uname/Makefile        | 20 ++++++
 testcases/kernel/security/uname/cve-2012-0957.c | 86 +++++++++++++++++++++++++
 3 files changed, 107 insertions(+)
 create mode 100644 testcases/kernel/security/uname/.gitignore
 create mode 100644 testcases/kernel/security/uname/Makefile
 create mode 100644 testcases/kernel/security/uname/cve-2012-0957.c

-- 
2.11.0

Thread overview: 4+ messages
2017-02-17 10:36 Richard Palethorpe [this message]
2017-02-20 10:11 ` [LTP] [PATCH 0/1] uname26 exploit regression test Cyril Hrubis
2017-03-01 15:10   ` Richard Palethorpe
2017-03-01 15:57     ` Cyril Hrubis
