Re: [Users] Dirty COW

2016-10-27 Thread Vasily Averin
Dear all, the output of /proc/meminfo was changed in 042stab120.x kernels. We had claims that free inside centos7.2 containers showed used=0 in some situations. Thank you, Vasily Averin On 27.10.2016 14:36, Nick Knutov wrote: > And it looks like something is broken with memory, even with 120.5 - I

Re: [Users] Dirty COW

2016-10-27 Thread Nick Knutov
And it looks like something is broken with memory, even with 120.5 - I see a lot of containers ended up with memory usage == memory limit in our monitoring graphs, and `top` says free memory is 0 bytes now inside CT. 25.10.2016 19:01, Dmitry Mishin wrote: For those who missed an announcement -

Re: [Users] Dirty COW

2016-10-27 Thread Ian
On 25/10/2016 15:01, Dmitry Mishin wrote: > For those who missed an announcement - > https://openvz.org/Download/kernel/rhel6/042stab120.3 is available since > 22 Oct. > > Thank you, > Dmitry. Hi, There appears to be another kernel released for RHEL 6:

Re: [Users] Dirty COW

2016-10-25 Thread Dmitry Mishin
For those who missed an announcement - https://openvz.org/Download/kernel/rhel6/042stab120.3 is available since 22 Oct. Thank you, Dmitry. On 22/10/16 16:07, "users-boun...@openvz.org on behalf of Scott Dowdle" wrote: >Greetings, >

Re: [Users] Dirty COW

2016-10-22 Thread Scott Dowdle
Greetings, - Original Message - > > According to the Red Hat bugzilla page > > (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13), they > > claim that EL5 and EL6 are not vulnerable > > No, they correctly claim the opposite. Looking at that URL now (and remember what used to be

Re: [Users] Dirty COW

2016-10-22 Thread Solar Designer
On Fri, Oct 21, 2016 at 04:43:16PM -0600, Scott Dowdle wrote: > I still haven't heard if it has been verified that OpenVZ Legacy is > vulnerable or not. It is. Verified. The "pokemon" PoC works on RHEL6 & RHEL5, as long as you have 2+ logical CPUs. > According to the Red Hat bugzilla page >

Re: [Users] Dirty COW

2016-10-22 Thread William Pettersson
Apologies, this won't appear in the correct thread, as I was not on this mailing list until a few moments ago. Scott Dowdle wrote: > I haven't tried an exploit program on an OpenVZ Legacy host node to try. Anyone? I have successfully exploited a Legacy node, running kernel 2.6.32-042stab055.16

Re: [Users] Dirty COW

2016-10-21 Thread Scott Dowdle
Greetings, - Original Message - > > According to the Red Hat bugzilla page > > (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13), > > they claim that EL5 and EL6 are not vulnerable because > > /proc/self/mem isn't writable by default. > > According to German IT magazine heise.de

Re: [Users] Dirty COW

2016-10-21 Thread Scott Dowdle
Greetings, - Original Message - > Are there plans to release new OpenVZ 6 kernels in the repository soon? For some value of soon I would imagine. I still haven't heard if it has been verified that OpenVZ Legacy is vulnerable or not. According to the Red Hat bugzilla page

Re: [Users] Dirty COW

2016-10-21 Thread Michael Stauber
Hi Scott, > According to the Red Hat bugzilla page > (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13), > they claim that EL5 and EL6 are not vulnerable because > /proc/self/mem isn't writable by default. According to German IT magazine heise.de this "default configuration" implies

Re: [Users] Dirty COW

2016-10-21 Thread Scott Dowdle
Greetings, I tried some proof of concept code (cowroot.c) on an OpenVZ Legacy host as a user and it didn't work. Then I made a CentOS container on the same host, added a user, and tried to run cowroot as a user and it didn't work. When I say work, I mean the exploit didn't work. I only

Re: [Users] Dirty COW

2016-10-21 Thread Nick Knutov
Are there plans to release new OpenVZ 6 kernels in the repository soon? 21.10.2016 22:00, Vasily Averin wrote: For paid Virtuozzo customers (if any read this): you can contact support for a pre-released kernel. Also, all who are affected can prepare a fixed kernel themselves by using this patch:

Re: [Users] Dirty COW

2016-10-21 Thread Scott Dowdle
Greetings, - Original Message - > Is OpenVZ affected by Dirty COW? > > What is the best solution to fix it now? Every kernel released in the last 9 years is affected so far as I can tell. TYL, -- Scott Dowdle 704 Church Street Belgrade, MT 59714 (406)388-0827 [home] (406)994-3931

Re: [Users] Dirty COW

2016-10-21 Thread Vasily Averin
For paid Virtuozzo customers (if any read this): you can contact support for a pre-released kernel. Also, all who are affected can prepare a fixed kernel themselves by using this patch: http://www.spinics.net/lists/stable/msg147964.html On 21.10.2016 19:39, Vasily Averin wrote: > yes > 2.6.22+ are

Re: [Users] Dirty COW

2016-10-21 Thread Solar Designer
On Fri, Oct 21, 2016 at 07:39:12PM +0300, Vasily Averin wrote: > yes > 2.6.22+ are affected According to Red Hat, RHEL5 is also affected, but the attack vector for it is different from what we've seen in published reproducers. Alexander ___ Users

Re: [Users] Dirty COW

2016-10-21 Thread Vasily Averin
Yes, 2.6.22+ are affected. Here you can find a SystemTap script for mitigation: https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13 On 21.10.2016 19:22, Nick Knutov wrote: > Is OpenVZ affected by Dirty COW? > > What is the best solution to fix it now? > >

[Users] Dirty COW

2016-10-21 Thread Nick Knutov
Is OpenVZ affected by Dirty COW? What is the best solution to fix it now? -- Best Regards, Nick Knutov http://knutov.com ICQ: 272873706 Voice: +7-904-84-23-130 ___ Users mailing list Users@openvz.org https://lists.openvz.org/mailman/listinfo/users