linux could use CONFIG_CC_STACKPROTECTOR_STRONG instead of CONFIG_CC_STACKPROTECTOR_REGULAR

Bug #1380025 reported by Laurent Bonnaud
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | Fix Released | Medium | Tim Gardner |
Wily | Fix Released | Medium | Tim Gardner |

Bug Description

Here is the relevant kernel config:

$ grep STACKPROTECTOR /boot/config-3.16.0-22-generic
CONFIG_HAVE_CC_STACKPROTECTOR=y
CONFIG_CC_STACKPROTECTOR=y
# CONFIG_CC_STACKPROTECTOR_NONE is not set
CONFIG_CC_STACKPROTECTOR_REGULAR=y
# CONFIG_CC_STACKPROTECTOR_STRONG is not set

Since linux is built with gcc 4.9 in Ubuntu 14.10, it could use CONFIG_CC_STACKPROTECTOR_STRONG instead of CONFIG_CC_STACKPROTECTOR_REGULAR.

ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: linux-image-3.16.0-22-generic 3.16.0-22.29
ProcVersionSignature: Ubuntu 3.16.0-22.29-generic 3.16.4
Uname: Linux 3.16.0-22-generic x86_64
ApportVersion: 2.14.7-0ubuntu5
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: bonnaudl 3741 F.... pulseaudio
CurrentDesktop: KDE
Date: Sat Oct 11 10:03:30 2014
EcryptfsInUse: Yes
HibernationDevice: RESUME=UUID=cf81afe7-8427-45fa-9149-c11d060a5a26
IwConfig:
 eth1 no wireless extensions.

 lo no wireless extensions.
MachineType: Dell Inc. Latitude E6520
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.16.0-22-generic root=UUID=749a9901-bdd3-4b5f-b80e-69414667e058 ro quiet splash vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-3.16.0-22-generic N/A
 linux-backports-modules-3.16.0-22-generic N/A
 linux-firmware 1.135
RfKill:

SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)

Laurent Bonnaud (laurent-bonnaud) wrote :
Brad Figg (brad-figg) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Changed in linux (Ubuntu):
importance: Undecided → Medium
status: Confirmed → Triaged
Laurent Bonnaud (laurent-bonnaud) wrote :

This "bug" is still there in wily:

$ grep STACKPROTECTOR /boot/config-4.2.0-13-generic
CONFIG_HAVE_CC_STACKPROTECTOR=y
CONFIG_CC_STACKPROTECTOR=y
# CONFIG_CC_STACKPROTECTOR_NONE is not set
CONFIG_CC_STACKPROTECTOR_REGULAR=y
# CONFIG_CC_STACKPROTECTOR_STRONG is not set

Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Wily):
assignee: nobody → Tim Gardner (timg-tpi)
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.2.0-15.18

---------------
linux (4.2.0-15.18) wily; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1503692

  [ Andy Whitcroft ]

  * Revert "SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()"
    Was incorrectly backported.

  [ Ben Hutchings ]

  * SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
    - CVE-2015-7312

  [ Tim Gardner ]

  * [Debian] config-check and prepare using ${DEBIAN}/config/annotations
    Makes the LTS update script work better.

linux (4.2.0-15.17) wily; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1503016
  * rebase to v4.2.3

  [ Andrew Donnellan ]

  * SAUCE: cxl: fix leak of IRQ names in cxl_free_afu_irqs()
  * SAUCE: cxl: fix leak of ctx->irq_bitmap when releasing context via
    kernel API
  * SAUCE: cxl: fix leak of ctx->mapping when releasing kernel API contexts

  [ Ben Hutchings ]

  * SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
    - CVE-2015-7312

  [ Dan Carpenter ]

  * SAUCE: (noup) cxlflash: a couple off by one bugs
    - LP: #1499849

  [ John Johansen ]

  * SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
    - LP: #1496430

  [ Manoj Kumar ]

  * SAUCE: (noup) cxlflash: Fix to avoid invalid port_sel value
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Replace magic numbers with literals
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Fix read capacity timeout
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Fix to double the delay each time
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Fix to escalate to LINK_RESET on login timeout
    - LP: #1499849

  [ Matthew R. Ochs ]

  * SAUCE: (noup) cxlflash: Fix potential oops following LUN removal
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Fix data corruption when vLUN used over
    multiple cards
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Fix to avoid sizeof(bool)
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Fix context encode mask width
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Fix to avoid CXL services during EEH
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Correct naming of limbo state and waitq
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Make functions static
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Refine host/device attributes
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Fix to avoid spamming the kernel log
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Fix to avoid stall while waiting on TMF
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Fix location of setting resid
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Fix host link up event handling
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Fix async interrupt bypass logic
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Remove dual port online dependency
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Fix AFU version access/storage and add check
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Correct usage of scsi_host_put()
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Fix to prevent workq from accessing freed
    memory
    - LP: #1499849
  * SAUCE: (noup) cxlflash: Correct behavior in device reset handler
    ...


Changed in linux (Ubuntu Wily):
status: Fix Committed → Fix Released
Laurent Bonnaud (laurent-bonnaud) wrote :

Thank you for the "fix"!

How about enabling CONFIG_CC_STACKPROTECTOR_STRONG also for mainline builds?

Tim Gardner (timg-tpi) wrote :

Mainline builds use a Trusty chroot, and therefore gcc 4.8. CONFIG_CC_STACKPROTECTOR_STRONG requires gcc 4.9+.
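
An added example, not part of the bug thread or of Ubuntu's tooling: a shell check that reads a kernel config for the CONFIG_CC_STACKPROTECTOR_* choice discussed in this report and pairs it with the gcc 4.9+ requirement stated in the last comment. The function names and the sample compiler versions are assumptions, and the sample config is constructed from the grep output quoted in the report.

```shell
# Print STRONG, REGULAR, NONE or unknown for the kernel config file in $1.
# Commented-out "# CONFIG_... is not set" lines do not match the anchor.
stackprotector_mode() {
    for m in STRONG REGULAR NONE; do
        if grep -q "^CONFIG_CC_STACKPROTECTOR_$m=y\$" "$1"; then
            echo "$m"; return 0
        fi
    done
    echo unknown
}

# Succeed if the dotted gcc version in $1 (e.g. 4.8.4) is 4.9 or newer,
# the requirement for STRONG stated in the thread.
gcc_supports_strong() {
    major=${1%%.*}
    case $1 in
        *.*) rest=${1#*.}; minor=${rest%%.*} ;;
        *)   minor=0 ;;
    esac
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 9 ]; }
}

# One verdict for config file $1 when the kernel is built with gcc $2.
audit_stackprotector() {
    mode=$(stackprotector_mode "$1")
    case $mode in
        STRONG) echo "ok: STRONG enabled" ;;
        REGULAR|NONE)
            if gcc_supports_strong "$2"; then
                echo "weak: $mode set, gcc $2 could build STRONG"
            else
                echo "limited: $mode set, gcc $2 too old for STRONG"
            fi ;;
        *) echo "unknown: no stack-protector choice found" ;;
    esac
}

# Constructed sample mirroring the grep output quoted in the report.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_HAVE_CC_STACKPROTECTOR=y
CONFIG_CC_STACKPROTECTOR=y
# CONFIG_CC_STACKPROTECTOR_NONE is not set
CONFIG_CC_STACKPROTECTOR_REGULAR=y
# CONFIG_CC_STACKPROTECTOR_STRONG is not set
EOF
audit_stackprotector "$sample" 4.9.1   # constructed compiler version
audit_stackprotector "$sample" 4.8.4   # constructed compiler version
rm -f "$sample"
```

On a running system the same function can be pointed at /boot/config-$(uname -r), with the version of the compiler used for the build as the second argument.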
