[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
** Changed in: ubuntu-kernel-tests Status: In Progress => Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in ubuntu-kernel-tests: Fix Released Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: Fix Released Bug description: [Impact] The testcase test_095_kernel_symbols_missing_proc_self_stack from ubuntu_qrt_kernel_security testsuite started to fail with Trusty kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel stack dumps to root"), which prevents a regular user to read from /proc/self/stack. Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied The testcase checks the file permission before trying to read it, and for kernel 3.13 the permissions became inconsistent with what the user can actually do: $ cat /proc/self/stack cat: /proc/self/stack: Permission denied $ ls -l /proc/self/stack -r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack [Test Case] Run 'cat' and 'ls' on the file as stated above, or run the ubuntu_qrt_kernel_security testsuite and check for the results of the test_095_kernel_symbols_missing_proc_self_stack testcase. [Fix] Upstream commit 35a35046e4f9 ("procfs: make /proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the issue. [Regression Potential] The upstream fix changes the permissions of the files /proc/*/{stack,syscall,personality}, so userspace which relies on reading these files as regular users might fail. However, this fixes a security issue and is already applied on our later series. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
This bug was fixed in the package linux - 3.13.0-166.216 --- linux (3.13.0-166.216) trusty; urgency=medium * linux: 3.13.0-166.216 -proposed tracker (LP: #1814645) * linux-buildinfo: pull out ABI information into its own package (LP: #1806380) - [Packaging] limit preparation to linux-libc-dev in headers - [Packaging] commonise debhelper invocation - [Packaging] ABI -- accumulate abi information at the end of the build - [Packaging] buildinfo -- add basic build information - [Packaging] buildinfo -- add firmware information to the flavour ABI - [Packaging] buildinfo -- add compiler information to the flavour ABI - [Packaging] buildinfo -- add buildinfo support to getabis - [Config] buildinfo -- add retpoline version markers - [Packaging] getabis -- handle all known package combinations - [Packaging] getabis -- support parsing a simple version - [Packaging] autoreconstruct -- base tag is always primary mainline version * signing: only install a signed kernel (LP: #1764794) - [Debian] usbip tools packaging - [Debian] Don't fail if a symlink already exists - [Debian] perf -- build in the context of the full generated local headers - [Debian] basic hook support - [Debian] follow rename of DEB_BUILD_PROFILES - [Debian] standardise on stage1 for the bootstrap stage in line with debian - [Debian] set do_*_tools after stage1 or bootstrap is determined - [Debian] initscripts need installing when making the package - [Packaging] reconstruct -- automatically reconstruct against base tag - [Debian] add feature interlock with mainline builds - [Debian] Remove generated intermediate files on clean - [Packaging] prevent linux-*-tools-common from being produced from non linux packages - SAUCE: ubuntu: vbox -- elide the new symlinks and reconstruct on clean: - [Debian] Update to new signing key type and location - [Packaging] autoreconstruct -- generate extend-diff-ignore for links - [Packaging] reconstruct -- update when inserting final changes - [Packaging] update to Debian like control scripts - [Packaging] switch to triggers for postinst.d postrm.d handling - [Packaging] signing -- switch to raw-signing tarballs - [Packaging] signing -- switch to linux-image as signed when available - [Packaging] printenv -- add signing options - [Packaging] fix invocation of header postinst hooks - [Packaging] signing -- add support for signing Opal kernel binaries - [Debian] Use src_pkg_name when constructing udeb control files - [Debian] Dynamically determine linux udebs package name - [Packaging] handle both linux-lts* and linux-hwe* as backports - [Config] linux-source-* is in the primary linux namespace - [Packaging] lookup the upstream tag - [Packaging] switch up to debhelper 9 - [Packaging] autopkgtest -- disable d-i when dropping flavours - [debian] support for ship_extras_package=false - [Debian] do_common_tools should always be on - [debian] do not force do_tools_common - [Packaging] skip cloud tools packaging when not building package - [debian] prep linux-libc-dev only if do_libc_dev_package=true * Packaging resync (LP: #1786013) - [Packaging] update helper scripts * kernel oops in bcache module (LP: #1793901) - SAUCE: bcache: never writeback a discard operation * iptables connlimit allows more connections than the limit when using multiple CPUs (LP: #1811094) - netfilter: connlimit: improve packet-to-closed-connection logic - netfilter: nf_conncount: fix garbage collection confirm race - netfilter: nf_conncount: don't skip eviction when age is negative * CVE-2019-6133 - fork: record start_time late * test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS (LP: #1813001) - procfs: make /proc/*/{stack, syscall, personality} 0400 -- Kleber Sacilotto de Souza Thu, 07 Feb 2019 11:31:21 + ** Changed in: linux (Ubuntu Trusty) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6133 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in ubuntu-kernel-tests: In Progress Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: Fix Released Bug description: [Impact] The testcase test_095_kernel_symbols_missing_proc_self_stack from ubuntu_qrt_kernel_security testsuite started to fail with Trusty kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel stack dumps to root"), which prevents a regular user to read from /proc/self/stack. Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permissi
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
New behavior with Trusty kernel 3.13.0-166-generic: ubuntu@autopkgtest:~$ ls -la /proc/self/stack -r 1 ubuntu ubuntu 0 Mar 6 15:43 /proc/self/stack ubuntu@autopkgtest:~$ cat /proc/self/stack cat: /proc/self/stack: Permission denied ** Tags removed: verification-needed-trusty ** Tags added: verification-done-trusty -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in ubuntu-kernel-tests: In Progress Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: Fix Committed Bug description: [Impact] The testcase test_095_kernel_symbols_missing_proc_self_stack from ubuntu_qrt_kernel_security testsuite started to fail with Trusty kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel stack dumps to root"), which prevents a regular user to read from /proc/self/stack. Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied The testcase checks the file permission before trying to read it, and for kernel 3.13 the permissions became inconsistent with what the user can actually do: $ cat /proc/self/stack cat: /proc/self/stack: Permission denied $ ls -l /proc/self/stack -r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack [Test Case] Run 'cat' and 'ls' on the file as stated above, or run the ubuntu_qrt_kernel_security testsuite and check for the results of the test_095_kernel_symbols_missing_proc_self_stack testcase. [Fix] Upstream commit 35a35046e4f9 ("procfs: make /proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the issue. [Regression Potential] The upstream fix changes the permissions of the files /proc/*/{stack,syscall,personality}, so userspace which relies on reading these files as regular users might fail. However, this fixes a security issue and is already applied on our later series. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
There is a dependency issue with the kernel package installation, can't verify this now: https://bugs.launchpad.net/ubuntu/+source/linux-lts-trusty/+bug/1818474 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in ubuntu-kernel-tests: In Progress Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: Fix Committed Bug description: [Impact] The testcase test_095_kernel_symbols_missing_proc_self_stack from ubuntu_qrt_kernel_security testsuite started to fail with Trusty kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel stack dumps to root"), which prevents a regular user to read from /proc/self/stack. Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied The testcase checks the file permission before trying to read it, and for kernel 3.13 the permissions became inconsistent with what the user can actually do: $ cat /proc/self/stack cat: /proc/self/stack: Permission denied $ ls -l /proc/self/stack -r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack [Test Case] Run 'cat' and 'ls' on the file as stated above, or run the ubuntu_qrt_kernel_security testsuite and check for the results of the test_095_kernel_symbols_missing_proc_self_stack testcase. [Fix] Upstream commit 35a35046e4f9 ("procfs: make /proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the issue. [Regression Potential] The upstream fix changes the permissions of the files /proc/*/{stack,syscall,personality}, so userspace which relies on reading these files as regular users might fail. However, this fixes a security issue and is already applied on our later series. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Final reminder: We are at the end of the SRU Cycle and request that you please provide verification the kernel in proposed resolves the problem for which this bug was submitted. -Thank you! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in ubuntu-kernel-tests: In Progress Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: Fix Committed Bug description: [Impact] The testcase test_095_kernel_symbols_missing_proc_self_stack from ubuntu_qrt_kernel_security testsuite started to fail with Trusty kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel stack dumps to root"), which prevents a regular user to read from /proc/self/stack. Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied The testcase checks the file permission before trying to read it, and for kernel 3.13 the permissions became inconsistent with what the user can actually do: $ cat /proc/self/stack cat: /proc/self/stack: Permission denied $ ls -l /proc/self/stack -r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack [Test Case] Run 'cat' and 'ls' on the file as stated above, or run the ubuntu_qrt_kernel_security testsuite and check for the results of the test_095_kernel_symbols_missing_proc_self_stack testcase. [Fix] Upstream commit 35a35046e4f9 ("procfs: make /proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the issue. [Regression Potential] The upstream fix changes the permissions of the files /proc/*/{stack,syscall,personality}, so userspace which relies on reading these files as regular users might fail. However, this fixes a security issue and is already applied on our later series. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- trusty' to 'verification-done-trusty'. If the problem still exists, change the tag 'verification-needed-trusty' to 'verification-failed- trusty'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-trusty -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in ubuntu-kernel-tests: In Progress Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: Fix Committed Bug description: [Impact] The testcase test_095_kernel_symbols_missing_proc_self_stack from ubuntu_qrt_kernel_security testsuite started to fail with Trusty kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel stack dumps to root"), which prevents a regular user to read from /proc/self/stack. Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied The testcase checks the file permission before trying to read it, and for kernel 3.13 the permissions became inconsistent with what the user can actually do: $ cat /proc/self/stack cat: /proc/self/stack: Permission denied $ ls -l /proc/self/stack -r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack [Test Case] Run 'cat' and 'ls' on the file as stated above, or run the ubuntu_qrt_kernel_security testsuite and check for the results of the test_095_kernel_symbols_missing_proc_self_stack testcase. [Fix] Upstream commit 35a35046e4f9 ("procfs: make /proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the issue. [Regression Potential] The upstream fix changes the permissions of the files /proc/*/{stack,syscall,personality}, so userspace which relies on reading these files as regular users might fail. However, this fixes a security issue and is already applied on our later series. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
** Changed in: linux (Ubuntu Trusty) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in ubuntu-kernel-tests: In Progress Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: Fix Committed Bug description: [Impact] The testcase test_095_kernel_symbols_missing_proc_self_stack from ubuntu_qrt_kernel_security testsuite started to fail with Trusty kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel stack dumps to root"), which prevents a regular user to read from /proc/self/stack. Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied The testcase checks the file permission before trying to read it, and for kernel 3.13 the permissions became inconsistent with what the user can actually do: $ cat /proc/self/stack cat: /proc/self/stack: Permission denied $ ls -l /proc/self/stack -r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack [Test Case] Run 'cat' and 'ls' on the file as stated above, or run the ubuntu_qrt_kernel_security testsuite and check for the results of the test_095_kernel_symbols_missing_proc_self_stack testcase. [Fix] Upstream commit 35a35046e4f9 ("procfs: make /proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the issue. [Regression Potential] The upstream fix changes the permissions of the files /proc/*/{stack,syscall,personality}, so userspace which relies on reading these files as regular users might fail. However, this fixes a security issue and is already applied on our later series. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
SRU request sent: https://lists.ubuntu.com/archives/kernel-team/2019-January/098080.html -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in ubuntu-kernel-tests: In Progress Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: In Progress Bug description: [Impact] The testcase test_095_kernel_symbols_missing_proc_self_stack from ubuntu_qrt_kernel_security testsuite started to fail with Trusty kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel stack dumps to root"), which prevents a regular user to read from /proc/self/stack. Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied The testcase checks the file permission before trying to read it, and for kernel 3.13 the permissions became inconsistent with what the user can actually do: $ cat /proc/self/stack cat: /proc/self/stack: Permission denied $ ls -l /proc/self/stack -r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack [Test Case] Run 'cat' and 'ls' on the file as stated above, or run the ubuntu_qrt_kernel_security testsuite and check for the results of the test_095_kernel_symbols_missing_proc_self_stack testcase. [Fix] Upstream commit 35a35046e4f9 ("procfs: make /proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the issue. [Regression Potential] The upstream fix changes the permissions of the files /proc/*/{stack,syscall,personality}, so userspace which relies on reading these files as regular users might fail. However, this fixes a security issue and is already applied on our later series. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
** Description changed: + [Impact] + + The testcase test_095_kernel_symbols_missing_proc_self_stack from + ubuntu_qrt_kernel_security testsuite started to fail with Trusty kernel + (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel stack + dumps to root"), which prevents a regular user to read from + /proc/self/stack. + Kernel: 3.13.0-165.215~precise1 The test failed with: - AssertionError: cat: /proc/self/stack: Permission denied - + AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied + + The testcase checks the file permission before trying to read it, and + for kernel 3.13 the permissions became inconsistent with what the user + can actually do: + + $ cat /proc/self/stack + cat: /proc/self/stack: Permission denied + $ ls -l /proc/self/stack + -r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack + + [Test Case] + Run 'cat' and 'ls' on the file as stated above, or run the ubuntu_qrt_kernel_security testsuite and check for the results of the test_095_kernel_symbols_missing_proc_self_stack testcase. + + [Fix] + Upstream commit 35a35046e4f9 ("procfs: make /proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the issue. + + [Regression Potential] + The upstream fix changes the permissions of the files /proc/*/{stack,syscall,personality}, so userspace which relies on reading these files as regular users might fail. However, this fixes a security issue and is already applied on our later series. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in ubuntu-kernel-tests: In Progress Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: In Progress Bug description: [Impact] The testcase test_095_kernel_symbols_missing_proc_self_stack from ubuntu_qrt_kernel_security testsuite started to fail with Trusty kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel stack dumps to root"), which prevents a regular user to read from /proc/self/stack. Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied The testcase checks the file permission before trying to read it, and for kernel 3.13 the permissions became inconsistent with what the user can actually do: $ cat /proc/self/stack cat: /proc/self/stack: Permission denied $ ls -l /proc/self/stack -r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack [Test Case] Run 'cat' and 'ls' on the file as stated above, or run the ubuntu_qrt_kernel_security testsuite and check for the results of the test_095_kernel_symbols_missing_proc_self_stack testcase. [Fix] Upstream commit 35a35046e4f9 ("procfs: make /proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the issue. [Regression Potential] The upstream fix changes the permissions of the files /proc/*/{stack,syscall,personality}, so userspace which relies on reading these files as regular users might fail. However, this fixes a security issue and is already applied on our later series. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
OK thanks, I will remove the qa-regression-testing here. ** No longer affects: qa-regression-testing ** Changed in: ubuntu-kernel-tests Status: New => In Progress ** Changed in: ubuntu-kernel-tests Assignee: (unassigned) => Kleber Sacilotto de Souza (kleber-souza) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in ubuntu-kernel-tests: In Progress Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: In Progress Bug description: Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
I have identified the fix, I'm preparing it for a SRU request. ** Changed in: linux (Ubuntu Trusty) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in QA Regression Testing: New Status in ubuntu-kernel-tests: New Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: In Progress Bug description: Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
** Changed in: linux (Ubuntu Trusty) Assignee: (unassigned) => Kleber Sacilotto de Souza (kleber-souza) ** Changed in: linux (Ubuntu Trusty) Importance: Undecided => Medium -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in QA Regression Testing: New Status in ubuntu-kernel-tests: New Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: Confirmed Bug description: Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Sorry Sam, I misunderstood your comment. With the Bionic kernel, before the fix for CVE-2018-17972 ("proc: restrict kernel stack dumps to root") the behavior was: -- $ uname -r 4.15.0-38-generic $ ls -la /proc/self/stack -r 1 ubuntu ubuntu 0 Jan 24 15:04 /proc/self/stack $ cat /proc/self/stack [<0>] proc_pid_stack+0xaa/0x100 [<0>] proc_single_show+0x56/0x80 [<0>] seq_read+0xe5/0x430 [<0>] __vfs_read+0x1b/0x40 [<0>] vfs_read+0x8e/0x130 [<0>] SyS_read+0x55/0xc0 [<0>] do_syscall_64+0x73/0x130 [<0>] entry_SYSCALL_64_after_hwframe+0x3d/0xa2 [<0>] 0x -- With the fix it's now: -- $ uname -r 4.15.0-44-generic $ ls -la /proc/self/stack -r 1 ubuntu ubuntu 0 Jan 24 15:10 /proc/self/stack $ cat /proc/self/stack cat: /proc/self/stack: Permission denied -- So you are right, the permission on the trusty kernel (3.13) should be the same. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-17972 ** Also affects: linux (Ubuntu Trusty) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Trusty) Status: New => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in QA Regression Testing: New Status in ubuntu-kernel-tests: New Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: Confirmed Bug description: Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Setting the linux task to 'Invalid', since this is the expected permission of the file now for all our kernels. ** Changed in: linux (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in QA Regression Testing: New Status in ubuntu-kernel-tests: New Status in linux package in Ubuntu: Invalid Bug description: Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
** Also affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in QA Regression Testing: New Status in ubuntu-kernel-tests: New Status in linux package in Ubuntu: Incomplete Bug description: Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp