[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
** Changed in: ubuntu-kernel-tests
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1813001
Title:
test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Status in ubuntu-kernel-tests:
Fix Released
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Trusty:
Fix Released
Bug description:
[Impact]
The testcase test_095_kernel_symbols_missing_proc_self_stack from
ubuntu_qrt_kernel_security testsuite started to fail with Trusty
kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel
stack dumps to root"), which prevents a regular user to read from
/proc/self/stack.
Kernel: 3.13.0-165.215~precise1
The test failed with:
AssertionError: cat: /proc/self/stack: Permission denied
FAIL: test_095_kernel_symbols_missing_proc_self_stack
(__main__.KernelSecurityTest)
kernel addresses in /proc/self/stack are zeroed out
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 1364, in
test_095_kernel_symbols_missing_proc_self_stack
self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack,
expected=expected)
File "./test-kernel-security.py", line 1209, in _check_pK_files
test_function(expected_restricted)
File "./test-kernel-security.py", line 1320, in
_095_kernel_symbols_missing_proc_self_stack
expected, retry=True)
File "./test-kernel-security.py", line 1146, in _read_twice
self.assertEqual(rc, 0, regular)
AssertionError: cat: /proc/self/stack: Permission denied
The testcase checks the file permission before trying to read it, and
for kernel 3.13 the permissions became inconsistent with what the user
can actually do:
$ cat /proc/self/stack
cat: /proc/self/stack: Permission denied
$ ls -l /proc/self/stack
-r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack
[Test Case]
Run 'cat' and 'ls' on the file as stated above, or run the
ubuntu_qrt_kernel_security testsuite and check for the results of the
test_095_kernel_symbols_missing_proc_self_stack testcase.
[Fix]
Upstream commit 35a35046e4f9 ("procfs: make
/proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the
issue.
[Regression Potential]
The upstream fix changes the permissions of the files
/proc/*/{stack,syscall,personality}, so userspace which relies on reading these
files as regular users might fail. However, this fixes a security issue and is
already applied on our later series.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
This bug was fixed in the package linux - 3.13.0-166.216
---
linux (3.13.0-166.216) trusty; urgency=medium
* linux: 3.13.0-166.216 -proposed tracker (LP: #1814645)
* linux-buildinfo: pull out ABI information into its own package
(LP: #1806380)
- [Packaging] limit preparation to linux-libc-dev in headers
- [Packaging] commonise debhelper invocation
- [Packaging] ABI -- accumulate abi information at the end of the build
- [Packaging] buildinfo -- add basic build information
- [Packaging] buildinfo -- add firmware information to the flavour ABI
- [Packaging] buildinfo -- add compiler information to the flavour ABI
- [Packaging] buildinfo -- add buildinfo support to getabis
- [Config] buildinfo -- add retpoline version markers
- [Packaging] getabis -- handle all known package combinations
- [Packaging] getabis -- support parsing a simple version
- [Packaging] autoreconstruct -- base tag is always primary mainline version
* signing: only install a signed kernel (LP: #1764794)
- [Debian] usbip tools packaging
- [Debian] Don't fail if a symlink already exists
- [Debian] perf -- build in the context of the full generated local headers
- [Debian] basic hook support
- [Debian] follow rename of DEB_BUILD_PROFILES
- [Debian] standardise on stage1 for the bootstrap stage in line with debian
- [Debian] set do_*_tools after stage1 or bootstrap is determined
- [Debian] initscripts need installing when making the package
- [Packaging] reconstruct -- automatically reconstruct against base tag
- [Debian] add feature interlock with mainline builds
- [Debian] Remove generated intermediate files on clean
- [Packaging] prevent linux-*-tools-common from being produced from non
linux
packages
- SAUCE: ubuntu: vbox -- elide the new symlinks and reconstruct on clean:
- [Debian] Update to new signing key type and location
- [Packaging] autoreconstruct -- generate extend-diff-ignore for links
- [Packaging] reconstruct -- update when inserting final changes
- [Packaging] update to Debian like control scripts
- [Packaging] switch to triggers for postinst.d postrm.d handling
- [Packaging] signing -- switch to raw-signing tarballs
- [Packaging] signing -- switch to linux-image as signed when available
- [Packaging] printenv -- add signing options
- [Packaging] fix invocation of header postinst hooks
- [Packaging] signing -- add support for signing Opal kernel binaries
- [Debian] Use src_pkg_name when constructing udeb control files
- [Debian] Dynamically determine linux udebs package name
- [Packaging] handle both linux-lts* and linux-hwe* as backports
- [Config] linux-source-* is in the primary linux namespace
- [Packaging] lookup the upstream tag
- [Packaging] switch up to debhelper 9
- [Packaging] autopkgtest -- disable d-i when dropping flavours
- [debian] support for ship_extras_package=false
- [Debian] do_common_tools should always be on
- [debian] do not force do_tools_common
- [Packaging] skip cloud tools packaging when not building package
- [debian] prep linux-libc-dev only if do_libc_dev_package=true
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
* kernel oops in bcache module (LP: #1793901)
- SAUCE: bcache: never writeback a discard operation
* iptables connlimit allows more connections than the limit when using
multiple CPUs (LP: #1811094)
- netfilter: connlimit: improve packet-to-closed-connection logic
- netfilter: nf_conncount: fix garbage collection confirm race
- netfilter: nf_conncount: don't skip eviction when age is negative
* CVE-2019-6133
- fork: record start_time late
* test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
(LP: #1813001)
- procfs: make /proc/*/{stack, syscall, personality} 0400
-- Kleber Sacilotto de Souza Thu, 07 Feb
2019 11:31:21 +
** Changed in: linux (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6133
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1813001
Title:
test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Status in ubuntu-kernel-tests:
In Progress
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Trusty:
Fix Released
Bug description:
[Impact]
The testcase test_095_kernel_symbols_missing_proc_self_stack from
ubuntu_qrt_kernel_security testsuite started to fail with Trusty
kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel
stack dumps to root"), which prevents a regular user to read from
/proc/self/stack.
Kernel: 3.13.0-165.215~precise1
The test failed with:
AssertionError: cat: /proc/self/stack:
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
New behavior with Trusty kernel 3.13.0-166-generic:
ubuntu@autopkgtest:~$ ls -la /proc/self/stack
-r 1 ubuntu ubuntu 0 Mar 6 15:43 /proc/self/stack
ubuntu@autopkgtest:~$ cat /proc/self/stack
cat: /proc/self/stack: Permission denied
** Tags removed: verification-needed-trusty
** Tags added: verification-done-trusty
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1813001
Title:
test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Status in ubuntu-kernel-tests:
In Progress
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Trusty:
Fix Committed
Bug description:
[Impact]
The testcase test_095_kernel_symbols_missing_proc_self_stack from
ubuntu_qrt_kernel_security testsuite started to fail with Trusty
kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel
stack dumps to root"), which prevents a regular user to read from
/proc/self/stack.
Kernel: 3.13.0-165.215~precise1
The test failed with:
AssertionError: cat: /proc/self/stack: Permission denied
FAIL: test_095_kernel_symbols_missing_proc_self_stack
(__main__.KernelSecurityTest)
kernel addresses in /proc/self/stack are zeroed out
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 1364, in
test_095_kernel_symbols_missing_proc_self_stack
self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack,
expected=expected)
File "./test-kernel-security.py", line 1209, in _check_pK_files
test_function(expected_restricted)
File "./test-kernel-security.py", line 1320, in
_095_kernel_symbols_missing_proc_self_stack
expected, retry=True)
File "./test-kernel-security.py", line 1146, in _read_twice
self.assertEqual(rc, 0, regular)
AssertionError: cat: /proc/self/stack: Permission denied
The testcase checks the file permission before trying to read it, and
for kernel 3.13 the permissions became inconsistent with what the user
can actually do:
$ cat /proc/self/stack
cat: /proc/self/stack: Permission denied
$ ls -l /proc/self/stack
-r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack
[Test Case]
Run 'cat' and 'ls' on the file as stated above, or run the
ubuntu_qrt_kernel_security testsuite and check for the results of the
test_095_kernel_symbols_missing_proc_self_stack testcase.
[Fix]
Upstream commit 35a35046e4f9 ("procfs: make
/proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the
issue.
[Regression Potential]
The upstream fix changes the permissions of the files
/proc/*/{stack,syscall,personality}, so userspace which relies on reading these
files as regular users might fail. However, this fixes a security issue and is
already applied on our later series.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
There is a dependency issue with the kernel package installation, can't verify
this now:
https://bugs.launchpad.net/ubuntu/+source/linux-lts-trusty/+bug/1818474
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1813001
Title:
test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Status in ubuntu-kernel-tests:
In Progress
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Trusty:
Fix Committed
Bug description:
[Impact]
The testcase test_095_kernel_symbols_missing_proc_self_stack from
ubuntu_qrt_kernel_security testsuite started to fail with Trusty
kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel
stack dumps to root"), which prevents a regular user to read from
/proc/self/stack.
Kernel: 3.13.0-165.215~precise1
The test failed with:
AssertionError: cat: /proc/self/stack: Permission denied
FAIL: test_095_kernel_symbols_missing_proc_self_stack
(__main__.KernelSecurityTest)
kernel addresses in /proc/self/stack are zeroed out
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 1364, in
test_095_kernel_symbols_missing_proc_self_stack
self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack,
expected=expected)
File "./test-kernel-security.py", line 1209, in _check_pK_files
test_function(expected_restricted)
File "./test-kernel-security.py", line 1320, in
_095_kernel_symbols_missing_proc_self_stack
expected, retry=True)
File "./test-kernel-security.py", line 1146, in _read_twice
self.assertEqual(rc, 0, regular)
AssertionError: cat: /proc/self/stack: Permission denied
The testcase checks the file permission before trying to read it, and
for kernel 3.13 the permissions became inconsistent with what the user
can actually do:
$ cat /proc/self/stack
cat: /proc/self/stack: Permission denied
$ ls -l /proc/self/stack
-r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack
[Test Case]
Run 'cat' and 'ls' on the file as stated above, or run the
ubuntu_qrt_kernel_security testsuite and check for the results of the
test_095_kernel_symbols_missing_proc_self_stack testcase.
[Fix]
Upstream commit 35a35046e4f9 ("procfs: make
/proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the
issue.
[Regression Potential]
The upstream fix changes the permissions of the files
/proc/*/{stack,syscall,personality}, so userspace which relies on reading these
files as regular users might fail. However, this fixes a security issue and is
already applied on our later series.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Final reminder: We are at the end of the SRU Cycle and request that you
please provide verification the kernel in proposed resolves the problem
for which this bug was submitted. -Thank you!
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1813001
Title:
test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Status in ubuntu-kernel-tests:
In Progress
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Trusty:
Fix Committed
Bug description:
[Impact]
The testcase test_095_kernel_symbols_missing_proc_self_stack from
ubuntu_qrt_kernel_security testsuite started to fail with Trusty
kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel
stack dumps to root"), which prevents a regular user to read from
/proc/self/stack.
Kernel: 3.13.0-165.215~precise1
The test failed with:
AssertionError: cat: /proc/self/stack: Permission denied
FAIL: test_095_kernel_symbols_missing_proc_self_stack
(__main__.KernelSecurityTest)
kernel addresses in /proc/self/stack are zeroed out
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 1364, in
test_095_kernel_symbols_missing_proc_self_stack
self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack,
expected=expected)
File "./test-kernel-security.py", line 1209, in _check_pK_files
test_function(expected_restricted)
File "./test-kernel-security.py", line 1320, in
_095_kernel_symbols_missing_proc_self_stack
expected, retry=True)
File "./test-kernel-security.py", line 1146, in _read_twice
self.assertEqual(rc, 0, regular)
AssertionError: cat: /proc/self/stack: Permission denied
The testcase checks the file permission before trying to read it, and
for kernel 3.13 the permissions became inconsistent with what the user
can actually do:
$ cat /proc/self/stack
cat: /proc/self/stack: Permission denied
$ ls -l /proc/self/stack
-r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack
[Test Case]
Run 'cat' and 'ls' on the file as stated above, or run the
ubuntu_qrt_kernel_security testsuite and check for the results of the
test_095_kernel_symbols_missing_proc_self_stack testcase.
[Fix]
Upstream commit 35a35046e4f9 ("procfs: make
/proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the
issue.
[Regression Potential]
The upstream fix changes the permissions of the files
/proc/*/{stack,syscall,personality}, so userspace which relies on reading these
files as regular users might fail. However, this fixes a security issue and is
already applied on our later series.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
trusty' to 'verification-done-trusty'. If the problem still exists,
change the tag 'verification-needed-trusty' to 'verification-failed-
trusty'.
If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.
See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!
** Tags added: verification-needed-trusty
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1813001
Title:
test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Status in ubuntu-kernel-tests:
In Progress
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Trusty:
Fix Committed
Bug description:
[Impact]
The testcase test_095_kernel_symbols_missing_proc_self_stack from
ubuntu_qrt_kernel_security testsuite started to fail with Trusty
kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel
stack dumps to root"), which prevents a regular user to read from
/proc/self/stack.
Kernel: 3.13.0-165.215~precise1
The test failed with:
AssertionError: cat: /proc/self/stack: Permission denied
FAIL: test_095_kernel_symbols_missing_proc_self_stack
(__main__.KernelSecurityTest)
kernel addresses in /proc/self/stack are zeroed out
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 1364, in
test_095_kernel_symbols_missing_proc_self_stack
self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack,
expected=expected)
File "./test-kernel-security.py", line 1209, in _check_pK_files
test_function(expected_restricted)
File "./test-kernel-security.py", line 1320, in
_095_kernel_symbols_missing_proc_self_stack
expected, retry=True)
File "./test-kernel-security.py", line 1146, in _read_twice
self.assertEqual(rc, 0, regular)
AssertionError: cat: /proc/self/stack: Permission denied
The testcase checks the file permission before trying to read it, and
for kernel 3.13 the permissions became inconsistent with what the user
can actually do:
$ cat /proc/self/stack
cat: /proc/self/stack: Permission denied
$ ls -l /proc/self/stack
-r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack
[Test Case]
Run 'cat' and 'ls' on the file as stated above, or run the
ubuntu_qrt_kernel_security testsuite and check for the results of the
test_095_kernel_symbols_missing_proc_self_stack testcase.
[Fix]
Upstream commit 35a35046e4f9 ("procfs: make
/proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the
issue.
[Regression Potential]
The upstream fix changes the permissions of the files
/proc/*/{stack,syscall,personality}, so userspace which relies on reading these
files as regular users might fail. However, this fixes a security issue and is
already applied on our later series.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
** Changed in: linux (Ubuntu Trusty)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1813001
Title:
test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Status in ubuntu-kernel-tests:
In Progress
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Trusty:
Fix Committed
Bug description:
[Impact]
The testcase test_095_kernel_symbols_missing_proc_self_stack from
ubuntu_qrt_kernel_security testsuite started to fail with Trusty
kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel
stack dumps to root"), which prevents a regular user to read from
/proc/self/stack.
Kernel: 3.13.0-165.215~precise1
The test failed with:
AssertionError: cat: /proc/self/stack: Permission denied
FAIL: test_095_kernel_symbols_missing_proc_self_stack
(__main__.KernelSecurityTest)
kernel addresses in /proc/self/stack are zeroed out
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 1364, in
test_095_kernel_symbols_missing_proc_self_stack
self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack,
expected=expected)
File "./test-kernel-security.py", line 1209, in _check_pK_files
test_function(expected_restricted)
File "./test-kernel-security.py", line 1320, in
_095_kernel_symbols_missing_proc_self_stack
expected, retry=True)
File "./test-kernel-security.py", line 1146, in _read_twice
self.assertEqual(rc, 0, regular)
AssertionError: cat: /proc/self/stack: Permission denied
The testcase checks the file permission before trying to read it, and
for kernel 3.13 the permissions became inconsistent with what the user
can actually do:
$ cat /proc/self/stack
cat: /proc/self/stack: Permission denied
$ ls -l /proc/self/stack
-r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack
[Test Case]
Run 'cat' and 'ls' on the file as stated above, or run the
ubuntu_qrt_kernel_security testsuite and check for the results of the
test_095_kernel_symbols_missing_proc_self_stack testcase.
[Fix]
Upstream commit 35a35046e4f9 ("procfs: make
/proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the
issue.
[Regression Potential]
The upstream fix changes the permissions of the files
/proc/*/{stack,syscall,personality}, so userspace which relies on reading these
files as regular users might fail. However, this fixes a security issue and is
already applied on our later series.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
SRU request sent:
https://lists.ubuntu.com/archives/kernel-team/2019-January/098080.html
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1813001
Title:
test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Status in ubuntu-kernel-tests:
In Progress
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Trusty:
In Progress
Bug description:
[Impact]
The testcase test_095_kernel_symbols_missing_proc_self_stack from
ubuntu_qrt_kernel_security testsuite started to fail with Trusty
kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel
stack dumps to root"), which prevents a regular user to read from
/proc/self/stack.
Kernel: 3.13.0-165.215~precise1
The test failed with:
AssertionError: cat: /proc/self/stack: Permission denied
FAIL: test_095_kernel_symbols_missing_proc_self_stack
(__main__.KernelSecurityTest)
kernel addresses in /proc/self/stack are zeroed out
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 1364, in
test_095_kernel_symbols_missing_proc_self_stack
self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack,
expected=expected)
File "./test-kernel-security.py", line 1209, in _check_pK_files
test_function(expected_restricted)
File "./test-kernel-security.py", line 1320, in
_095_kernel_symbols_missing_proc_self_stack
expected, retry=True)
File "./test-kernel-security.py", line 1146, in _read_twice
self.assertEqual(rc, 0, regular)
AssertionError: cat: /proc/self/stack: Permission denied
The testcase checks the file permission before trying to read it, and
for kernel 3.13 the permissions became inconsistent with what the user
can actually do:
$ cat /proc/self/stack
cat: /proc/self/stack: Permission denied
$ ls -l /proc/self/stack
-r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack
[Test Case]
Run 'cat' and 'ls' on the file as stated above, or run the
ubuntu_qrt_kernel_security testsuite and check for the results of the
test_095_kernel_symbols_missing_proc_self_stack testcase.
[Fix]
Upstream commit 35a35046e4f9 ("procfs: make
/proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the
issue.
[Regression Potential]
The upstream fix changes the permissions of the files
/proc/*/{stack,syscall,personality}, so userspace which relies on reading these
files as regular users might fail. However, this fixes a security issue and is
already applied on our later series.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
** Description changed:
+ [Impact]
+
+ The testcase test_095_kernel_symbols_missing_proc_self_stack from
+ ubuntu_qrt_kernel_security testsuite started to fail with Trusty kernel
+ (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel stack
+ dumps to root"), which prevents a regular user to read from
+ /proc/self/stack.
+
Kernel: 3.13.0-165.215~precise1
The test failed with:
- AssertionError: cat: /proc/self/stack: Permission denied
-
+ AssertionError: cat: /proc/self/stack: Permission denied
FAIL: test_095_kernel_symbols_missing_proc_self_stack
(__main__.KernelSecurityTest)
kernel addresses in /proc/self/stack are zeroed out
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 1364, in
test_095_kernel_symbols_missing_proc_self_stack
self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack,
expected=expected)
File "./test-kernel-security.py", line 1209, in _check_pK_files
test_function(expected_restricted)
File "./test-kernel-security.py", line 1320, in
_095_kernel_symbols_missing_proc_self_stack
expected, retry=True)
File "./test-kernel-security.py", line 1146, in _read_twice
self.assertEqual(rc, 0, regular)
AssertionError: cat: /proc/self/stack: Permission denied
+
+ The testcase checks the file permission before trying to read it, and
+ for kernel 3.13 the permissions became inconsistent with what the user
+ can actually do:
+
+ $ cat /proc/self/stack
+ cat: /proc/self/stack: Permission denied
+ $ ls -l /proc/self/stack
+ -r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack
+
+ [Test Case]
+ Run 'cat' and 'ls' on the file as stated above, or run the
ubuntu_qrt_kernel_security testsuite and check for the results of the
test_095_kernel_symbols_missing_proc_self_stack testcase.
+
+ [Fix]
+ Upstream commit 35a35046e4f9 ("procfs: make
/proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the
issue.
+
+ [Regression Potential]
+ The upstream fix changes the permissions of the files
/proc/*/{stack,syscall,personality}, so userspace which relies on reading these
files as regular users might fail. However, this fixes a security issue and is
already applied on our later series.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1813001
Title:
test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Status in ubuntu-kernel-tests:
In Progress
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Trusty:
In Progress
Bug description:
[Impact]
The testcase test_095_kernel_symbols_missing_proc_self_stack from
ubuntu_qrt_kernel_security testsuite started to fail with Trusty
kernel (3.13) after the fix for CVE-2018-17972 ("proc: restrict kernel
stack dumps to root"), which prevents a regular user to read from
/proc/self/stack.
Kernel: 3.13.0-165.215~precise1
The test failed with:
AssertionError: cat: /proc/self/stack: Permission denied
FAIL: test_095_kernel_symbols_missing_proc_self_stack
(__main__.KernelSecurityTest)
kernel addresses in /proc/self/stack are zeroed out
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 1364, in
test_095_kernel_symbols_missing_proc_self_stack
self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack,
expected=expected)
File "./test-kernel-security.py", line 1209, in _check_pK_files
test_function(expected_restricted)
File "./test-kernel-security.py", line 1320, in
_095_kernel_symbols_missing_proc_self_stack
expected, retry=True)
File "./test-kernel-security.py", line 1146, in _read_twice
self.assertEqual(rc, 0, regular)
AssertionError: cat: /proc/self/stack: Permission denied
The testcase checks the file permission before trying to read it, and
for kernel 3.13 the permissions became inconsistent with what the user
can actually do:
$ cat /proc/self/stack
cat: /proc/self/stack: Permission denied
$ ls -l /proc/self/stack
-r--r--r-- 1 ubuntu ubuntu 0 Jan 24 04:06 /proc/self/stack
[Test Case]
Run 'cat' and 'ls' on the file as stated above, or run the
ubuntu_qrt_kernel_security testsuite and check for the results of the
test_095_kernel_symbols_missing_proc_self_stack testcase.
[Fix]
Upstream commit 35a35046e4f9 ("procfs: make
/proc/*/{stack,syscall,personality} 0400") applied for v3.15-rc1 fixes the
issue.
[Regression Potential]
The upstream fix changes the permissions of the files
/proc/*/{stack,syscall,personality}, so userspace which relies on reading these
files as regular users might fail. However, this fixes a security issue and is
already applied on our later series.
To manage notifications about this bug go to:
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
OK thanks, I will remove the qa-regression-testing here. ** No longer affects: qa-regression-testing ** Changed in: ubuntu-kernel-tests Status: New => In Progress ** Changed in: ubuntu-kernel-tests Assignee: (unassigned) => Kleber Sacilotto de Souza (kleber-souza) -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in ubuntu-kernel-tests: In Progress Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: In Progress Bug description: Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
I have identified the fix, I'm preparing it for a SRU request. ** Changed in: linux (Ubuntu Trusty) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in QA Regression Testing: New Status in ubuntu-kernel-tests: New Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: In Progress Bug description: Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
** Changed in: linux (Ubuntu Trusty) Assignee: (unassigned) => Kleber Sacilotto de Souza (kleber-souza) ** Changed in: linux (Ubuntu Trusty) Importance: Undecided => Medium -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in QA Regression Testing: New Status in ubuntu-kernel-tests: New Status in linux package in Ubuntu: Invalid Status in linux source package in Trusty: Confirmed Bug description: Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Sorry Sam, I misunderstood your comment.
With the Bionic kernel, before the fix for CVE-2018-17972 ("proc:
restrict kernel stack dumps to root") the behavior was:
--
$ uname -r
4.15.0-38-generic
$ ls -la /proc/self/stack
-r 1 ubuntu ubuntu 0 Jan 24 15:04 /proc/self/stack
$ cat /proc/self/stack
[<0>] proc_pid_stack+0xaa/0x100
[<0>] proc_single_show+0x56/0x80
[<0>] seq_read+0xe5/0x430
[<0>] __vfs_read+0x1b/0x40
[<0>] vfs_read+0x8e/0x130
[<0>] SyS_read+0x55/0xc0
[<0>] do_syscall_64+0x73/0x130
[<0>] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[<0>] 0x
--
With the fix it's now:
--
$ uname -r
4.15.0-44-generic
$ ls -la /proc/self/stack
-r 1 ubuntu ubuntu 0 Jan 24 15:10 /proc/self/stack
$ cat /proc/self/stack
cat: /proc/self/stack: Permission denied
--
So you are right, the permission on the trusty kernel (3.13) should be
the same.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-17972
** Also affects: linux (Ubuntu Trusty)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Trusty)
Status: New => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1813001
Title:
test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Status in QA Regression Testing:
New
Status in ubuntu-kernel-tests:
New
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Trusty:
Confirmed
Bug description:
Kernel: 3.13.0-165.215~precise1
The test failed with:
AssertionError: cat: /proc/self/stack: Permission denied
FAIL: test_095_kernel_symbols_missing_proc_self_stack
(__main__.KernelSecurityTest)
kernel addresses in /proc/self/stack are zeroed out
--
Traceback (most recent call last):
File "./test-kernel-security.py", line 1364, in
test_095_kernel_symbols_missing_proc_self_stack
self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack,
expected=expected)
File "./test-kernel-security.py", line 1209, in _check_pK_files
test_function(expected_restricted)
File "./test-kernel-security.py", line 1320, in
_095_kernel_symbols_missing_proc_self_stack
expected, retry=True)
File "./test-kernel-security.py", line 1146, in _read_twice
self.assertEqual(rc, 0, regular)
AssertionError: cat: /proc/self/stack: Permission denied
To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1813001/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
Setting the linux task to 'Invalid', since this is the expected permission of the file now for all our kernels. ** Changed in: linux (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in QA Regression Testing: New Status in ubuntu-kernel-tests: New Status in linux package in Ubuntu: Invalid Bug description: Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1813001] Re: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
** Also affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1813001 Title: test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS Status in QA Regression Testing: New Status in ubuntu-kernel-tests: New Status in linux package in Ubuntu: Incomplete Bug description: Kernel: 3.13.0-165.215~precise1 The test failed with: AssertionError: cat: /proc/self/stack: Permission denied FAIL: test_095_kernel_symbols_missing_proc_self_stack (__main__.KernelSecurityTest) kernel addresses in /proc/self/stack are zeroed out -- Traceback (most recent call last): File "./test-kernel-security.py", line 1364, in test_095_kernel_symbols_missing_proc_self_stack self._check_pK_files(self._095_kernel_symbols_missing_proc_self_stack, expected=expected) File "./test-kernel-security.py", line 1209, in _check_pK_files test_function(expected_restricted) File "./test-kernel-security.py", line 1320, in _095_kernel_symbols_missing_proc_self_stack expected, retry=True) File "./test-kernel-security.py", line 1146, in _read_twice self.assertEqual(rc, 0, regular) AssertionError: cat: /proc/self/stack: Permission denied To manage notifications about this bug go to: https://bugs.launchpad.net/qa-regression-testing/+bug/1813001/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
