ACK: [PATCH 0/1][SRU][T] CVE-2019-6133 - Untrustable process start_time

Khaled Elmously khalid.elmously at canonical.com
Mon Jan 28 03:48:17 UTC 2019


On 2019-01-25 01:50:10 , Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6133.html
> 
>  In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be
>  bypassed because fork() is not atomic, and therefore authorization decisions
>  are improperly cached. This is related to lack of uid checking in
>  polkitbackend/polkitbackendinteractiveauthority.c.
> 
> This CVE was assigned against PolicyKit but there's a more complete fix
> available for the kernel and the Ubuntu Security Team asked that we include the
> kernel fix.
> 
> There were minor changes involved to get this commit to apply to Trusty. The
> reproducer in the Project Zero bug report does not work on Trusty since Trusty
> does not have the userfaultfd(2) syscall. There's a fair chance that this
> change isn't needed in Trusty due to the lack of userfaultfd support but I
> think this is a relatively harmless change to make in the case that there are
> other mechanisms which could allow an attacker to stall the creation of a
> process to affect the start_time. I've smoke tested this change by booting a
> Trusty kernel with this commit applied.
> 
> Tyler
> 

Acked-by: Khalid Elmously <khalid.elmously at canonical.com>
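
The reproducer is not on this page and the kernel hunk is not quoted, so the following is an added illustration of the userspace side of the problem, not code from the patch, from polkit, or from the Project Zero report: a robust parser for the `starttime` field (field 22) of `/proc/<pid>/stat`, and a cache-key comparison that pairs pid with starttime and uid, since the CVE text names the missing uid check as the polkit-side weakness. The sample `/proc` line, the pid 1234 and the uid 1000 are constructed for the example; the comm field is deliberately chosen to contain spaces and a stray `)` because splitting on whitespace from the left is a common parsing bug here.

```c
/* Added example (not part of the patch or of polkit): parse starttime from
 * /proc/<pid>/stat and compare a cached process identity against a fresh one.
 * Build: cc -std=c99 -Wall -o starttime starttime.c */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample line for a process whose comm is "evil proc) )".
 * Fields after the comm: 3=state ... 21=itrealvalue, 22=starttime=987654. */
static const char SAMPLE_STAT[] =
    "1234 (evil proc) )) S 1 1234 1234 0 -1 4194560 100 0 0 0 5 3 0 0 20 0 1 0 "
    "987654 12345678 300 18446744073709551615 1 1 0 0 0 0 0 0 0 0 0 0 17 0 0 0\n";

/* A cache key for an authorization decision.  pid alone is reusable after the
 * process exits, so the key also carries the kernel-reported starttime (clock
 * ticks since boot) and the uid the decision was made for. */
struct proc_identity {
    pid_t pid;
    unsigned long long starttime;
    uid_t uid;
};

/* Extract field 22 (starttime) from one /proc/<pid>/stat line.
 * The comm field (2) is parenthesised and may contain spaces and ')', so scan
 * from the LAST ')' instead of tokenising from the start of the line.
 * Returns 0 on success, -1 on malformed or truncated input. */
int parse_starttime(const char *stat_line, unsigned long long *starttime)
{
    const char *p = strrchr(stat_line, ')');
    if (p == NULL)
        return -1;
    p++;                        /* the next token is field 3 (state) */

    /* Skip fields 3..21 (19 tokens); field 22 is starttime. */
    for (int field = 3; field < 22; field++) {
        while (*p == ' ')
            p++;
        if (*p == '\0' || *p == '\n')
            return -1;          /* line ended before field 22 */
        while (*p != '\0' && *p != ' ')
            p++;
    }
    while (*p == ' ')
        p++;

    errno = 0;
    char *end;
    unsigned long long v = strtoull(p, &end, 10);
    if (end == p || errno != 0)
        return -1;
    *starttime = v;
    return 0;
}

/* Read starttime of a live process; returns -1 if /proc is unreadable. */
int read_starttime(pid_t pid, unsigned long long *starttime)
{
    char path[64], buf[4096];
    snprintf(path, sizeof path, "/proc/%d/stat", (int)pid);
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_starttime(buf, starttime);
}

/* 1 if the cached key still names the same process (same pid, same
 * starttime, same uid), 0 otherwise.  A mismatch in any field means the
 * cached decision must not be reused. */
int same_process(const struct proc_identity *cached,
                 const struct proc_identity *fresh)
{
    return cached->pid == fresh->pid &&
           cached->starttime == fresh->starttime &&
           cached->uid == fresh->uid;
}

int main(void)
{
    unsigned long long st;
    if (parse_starttime(SAMPLE_STAT, &st) == 0)
        printf("sample starttime: %llu\n", st);
    if (read_starttime(getpid(), &st) == 0)
        printf("own starttime: %llu ticks since boot\n", st);
    return 0;
}
```

Note the caveat the reply itself makes: even with a correct parser and uid check, this key is only as trustworthy as the kernel's recording of `start_time`, which is what the kernel commit addresses; the userspace check cannot compensate for a start_time that an attacker could influence.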
