oss-sec mailing list archives
Re: CVE-2016-5195 test case
From: Solar Designer <solar () openwall com>
Date: Sun, 30 Oct 2016 06:35:57 +0100
Hi Andy,

On Thu, Oct 27, 2016 at 08:35:01AM -0700, Andy Lutomirski wrote:
> I sat on this longer than makes any sense given how easy to reproduce
> CVE-2016-5195 is, but here's a reasonably portable reproducer. It's
> intended to have no side effects, but your mileage may vary.
>
> https://github.com/amluto/vulnerabilities/blob/master/others/CVE-2016-5195/test_CVE-2016-5195.c
>
> This will use /proc/self/mem or ptrace automatically, and it's intended
> to be portable to a wide range of kernels.
Unfortunately, it still didn't work on systems without O_TMPFILE or/and without a defined PR_SET_PTRACER_ANY. Attached is a slightly more portable version.
> It's an improved version of the test case I originally sent out to
> distros (oops!).

Why "oops"? Do you mean just the distros vs. linux-distros issue?

It's OK to send reproducers to the [linux-]distros list (the appropriate one) as long as you intend to make them public shortly after public disclosure of the issue itself (the earliest of: a few days or when other public exploits/reproducers show up).

I think for most issues, which are not high impact or/and where non-trivial pre-conditions need to be met, it makes sense to make the (non-weaponized) reproducers public right away (on the initial public disclosure date, along with full vulnerability detail), but occasionally there will be issues like this where delaying posting the reproducer a little bit makes sense. It's just that I think you shouldn't have delayed as much. Ideally, you should have made a posting in here without the reproducer on the initial public disclosure date (in fact, that's your responsibility per the [linux-]distros list policy), and as others made reproducers available within a day, you should have also posted yours the next day. Just my opinion.

Thank you for your help in handling this issue!

Alexander
Attachment: test_CVE-2016-5195.c
Attachment: test_CVE-2016-5195.c.diff