[LTP] [PATCH 0/1] uname26 exploit regression test

Richard Palethorpe rpalethorpe@suse.com
Fri Feb 17 11:36:53 CET 2017


Hi,

I have essentially rewritten the following expoit to be used in the LTP:
https://www.exploit-db.com/exploits/37937/ (Metan's idea AFAIK). There are
some issues which I came across while doing this, even though it is quite an
easy exploit to recreate.

1) How should we organise the exploit tests? I see Metan has added dirtyc0w
   under that name in its own folder. Not all exploits have a fancy or unique
   name however. I have just named the uname exploit with its CVE name and put
   it in a new uname folder, but I'm not sure that is the best way either.

2) What is the appropriate runtest file for security tests? I think they
   should be separated from functional tests.

3) The exploit code from the link is licensed under GPLv3. Although I rewrote
   the LTP test from scratch, the fact I saw the exploit code raises the
   question of whether my test is a derivative work. The easiest thing to do
   would be to attribute the exploit code author and simply state that the
   test is an adaptation, but then I believe the test would need to be GPLv3.
   Of course, I can just ask the author to relicense the original under GPLv2,
   but lets assume they don't consent or can't be contacted.

4) This is maybe a question for a security/kernel mailing list, but which
   exploits are most likely to be reintroduced to the kernel? I am not sure
   that this exploit is at high risk of being reintroduced. At least not into
   mainline or any of the major distro branches.

Thank you,
Richard.

Richard Palethorpe (1):
  security: Test for uname26 exploit cve-2012-0957

 testcases/kernel/security/uname/.gitignore      |  1 +
 testcases/kernel/security/uname/Makefile        | 20 ++++++
 testcases/kernel/security/uname/cve-2012-0957.c | 86 +++++++++++++++++++++++++
 3 files changed, 107 insertions(+)
 create mode 100644 testcases/kernel/security/uname/.gitignore
 create mode 100644 testcases/kernel/security/uname/Makefile
 create mode 100644 testcases/kernel/security/uname/cve-2012-0957.c

-- 
2.11.0


More information about the ltp mailing list