On Tue, 20 Jun 2017 13:11:24 +0100
Patrick O'Callaghan <pocallaghan(a)gmail.com> wrote:
On Mon, 2017-06-19 at 23:08 -0700, stan wrote:
> I'm running
> the kernel with the fix, and it is working fine so far.
As I understand it (and as the bug report appears to confirm) the fix
is to ld.so, not the kernel, though changing ld.so does of course mean
a reboot.
Yes, I also saw that. However, I assumed Laura Abbot, one of the kernel
maintainers for Fedora, would know what she is talking about. My
assumption was that this was adding the strong stack protection to the
kernel side of things. I checked in koji, and the fix is also in the
latest glibc (where ld.so comes from), but it hadn't been pushed at
that time, so I didn't install the patched version of glibc. As the
exploit report said, enabling strong stack protection in the compiler
for affected libraries would stop this exploit, but would be
expensive. I assume that means it slows execution.
How do you know it's working? Have you run an exploit test?
My statement wasn't clear. I don't have the exploit, and so can't test
that. What I meant was that the kernel with the fix was behaving as a
normal kernel would, as far as I could tell. i.e. was running fine