Bug 12365

Summary:	CONFIG_HARDENED_USERCOPY is disabled on armv5tel and aarch64
Product:	IPFire	Reporter:	Peter Müller <peter.mueller>
Component:	---	Assignee:	Peter Müller <peter.mueller>
Status:	CLOSED FIXED	QA Contact:
Severity:	Security
Priority:	Will only affect a few users
Version:	2
Hardware:	unspecified
OS:	All
Bug Depends on:
Bug Blocks:	12361

Description Peter Müller 2020-04-14 15:21:47 UTC

Quote from https://capsule8.com/blog/kernel-configuration-glossary/:

> Significance: Critical
> 
> This option checks for obviously wrong memory regions when copying memory
> to/from the kernel (via copy_to_user() and copy_from_user() functions) by 
> ejecting memory ranges that are larger than the specified heap object span
> multiple separately allocated pages are not on the process stack or are part of
> the kernel text. This kills entire classes of heap overflow exploits and
> similar kernel memory exposures.

Comment 1 Peter Müller 2020-06-07 16:37:42 UTC

https://patchwork.ipfire.org/patch/3160/

Comment 2 Peter Müller 2020-06-09 17:04:08 UTC

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=e4d1f968695b6f8d020cd8bf5a650402a61d46ad

Comment 3 Peter Müller 2020-06-20 09:28:27 UTC

https://blog.ipfire.org/post/ipfire-2-25-core-update-146-is-available-for-testing

Comment 4 Peter Müller 2020-07-01 15:15:40 UTC

https://blog.ipfire.org/post/ipfire-2-25-core-update-146-released