| === amitk is now known as amitk-afk | ||
| === amitk-afk is now known as amitk | ||
| === amitk is now known as amitk-afk | ||
| * ppisati -> out for a bit | 08:39 | |
| ogra_ | hmm, did rtg revert all the CONFIG_VT stuff in grouper with the latest upload ? | 10:52 |
|---|---|---|
| * ogra_ can't get the flipped image to boot anymore ... with console errors as before | 10:53 | |
| * henrix -> lunch | 12:03 | |
| rtg_ | henrix, Friday is reboot day. gomeisa first. | 13:55 |
| henrix | rtg_: ack | 13:56 |
| rtg_ | henrix, should almost be back by now | 13:57 |
| === kentb-oout is now known as kentb | ||
| joshhunt | i have a question about the perf CVE that was part of the USN this morning. does anyone know if this can be exploited by a user which does not possess CAP_SYS_ADMIN? | 15:05 |
| joshhunt | actually i'll rephrase. is it exploitable if sysctl_perf_event_paranoid > 0? | 15:09 |
| rtg_ | jjohansen, ^^ | 15:26 |
| rtg_ | chiluk, bouncing tangerine for the dbus update | 15:41 |
| chiluk | go for it | 15:42 |
| === slangase` is now known as slangasek | ||
| === kentb-oout is now known as kentb | ||
| === rtg_ is now known as rtg-afk | ||
| === danjared_ is now known as danjared | ||
| jjohansen | joshhunt: atm it's unclear to me whether CVE-2013-2146 is exploitable with sysctl_perf_event_paranoid==1 | 19:11 |
| joshhunt | jjohansen: ok thx. yeah i'm not sure either. do you know if any exploit code has been released? i didn't find any in my searches. | 19:13 |
| jjohansen | joshhunt: paranoid==1 still allows for non-capable users to do some things, and I need to spend a fair bit more time with it to unwind all the possible paths | 19:13 |
| jjohansen | joshhunt: I don't have any, which makes evaluating the possible attacks harder | 19:13 |
| joshhunt | jjohansen: yep, i'll do some more investigation. thx. | 19:25 |
| * rtg_ -> EOW | 20:29 | |
| joshhunt | jjohansen: i think i've convinced myself that you can exploit this with perf_event_paranoid = 1 | 21:12 |
| joshhunt | jjohansen: it seems like the extra_regs get loaded when an unpriv user does something like: perf stat -e L1-dcache-loads -e L1-dcache-load-misses -e L1-dcache-stores -e L1-dcache-store-misses sleep 10 | 21:13 |
| joshhunt | jjohansen: i see this when running this at the same time as root | 21:14 |
| joshhunt | perf stat -a -e probe:* sleep 30 | 21:14 |
| joshhunt | Performance counter stats for 'sleep 30': | 21:14 |
| joshhunt | 4 probe:intel_pmu_hw_config [100.00%] | 21:14 |
| joshhunt | 4 probe:x86_pmu_hw_config [100.00%] | 21:14 |
| joshhunt | 4 probe:x86_setup_perfctr [100.00%] | 21:14 |
| joshhunt | 4 probe:x86_pmu_extra_regs | 21:14 |
| jjohansen | joshhunt: yep that seems like it's exploitable, thanks for digging | 21:15 |
| === kentb is now known as kentbout | ||