From: Richard Palethorpe <rpalethorpe@suse.com>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH 0/1] uname26 exploit regression test
Date: Fri, 17 Feb 2017 11:36:53 +0100 [thread overview]
Message-ID: <20170217113653.595ce1b4@linux-v3j5> (raw)
Hi,
I have essentially rewritten the following expoit to be used in the LTP:
https://www.exploit-db.com/exploits/37937/ (Metan's idea AFAIK). There are
some issues which I came across while doing this, even though it is quite an
easy exploit to recreate.
1) How should we organise the exploit tests? I see Metan has added dirtyc0w
under that name in its own folder. Not all exploits have a fancy or unique
name however. I have just named the uname exploit with its CVE name and put
it in a new uname folder, but I'm not sure that is the best way either.
2) What is the appropriate runtest file for security tests? I think they
should be separated from functional tests.
3) The exploit code from the link is licensed under GPLv3. Although I rewrote
the LTP test from scratch, the fact I saw the exploit code raises the
question of whether my test is a derivative work. The easiest thing to do
would be to attribute the exploit code author and simply state that the
test is an adaptation, but then I believe the test would need to be GPLv3.
Of course, I can just ask the author to relicense the original under GPLv2,
but lets assume they don't consent or can't be contacted.
4) This is maybe a question for a security/kernel mailing list, but which
exploits are most likely to be reintroduced to the kernel? I am not sure
that this exploit is at high risk of being reintroduced. At least not into
mainline or any of the major distro branches.
Thank you,
Richard.
Richard Palethorpe (1):
security: Test for uname26 exploit cve-2012-0957
testcases/kernel/security/uname/.gitignore | 1 +
testcases/kernel/security/uname/Makefile | 20 ++++++
testcases/kernel/security/uname/cve-2012-0957.c | 86 +++++++++++++++++++++++++
3 files changed, 107 insertions(+)
create mode 100644 testcases/kernel/security/uname/.gitignore
create mode 100644 testcases/kernel/security/uname/Makefile
create mode 100644 testcases/kernel/security/uname/cve-2012-0957.c
--
2.11.0
next reply other threads:[~2017-02-17 10:36 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-17 10:36 Richard Palethorpe [this message]
2017-02-20 10:11 ` [LTP] [PATCH 0/1] uname26 exploit regression test Cyril Hrubis
2017-03-01 15:10 ` Richard Palethorpe
2017-03-01 15:57 ` Cyril Hrubis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170217113653.595ce1b4@linux-v3j5 \
--to=rpalethorpe@suse.com \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox