[PATCH 0/1][SRU][T] CVE-2019-6133 - Untrustable process start_time
Tyler Hicks
tyhicks at canonical.com
Fri Jan 25 01:50:10 UTC 2019
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6133.html
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be
bypassed because fork() is not atomic, and therefore authorization decisions
are improperly cached. This is related to lack of uid checking in
polkitbackend/polkitbackendinteractiveauthority.c.
This CVE was assigned against PolicyKit but there's a more complete fix
available for the kernel and the Ubuntu Security Team asked that we include the
kernel fix.
There were minor changes involved to get this commit to apply to Trusty. The
reproducer in the Project Zero bug report does not work on Trusty since Trusty
does not have the userfaultfd(2) syscall. There's a fair chance that this
change isn't needed in Trusty due to the lack of userfaultfd support but I
think this is a relatively harmless change to make in the case that there are
other mechanisms which could allow an attacker to stall the creation of a
process to affect the start_time. I've smoke tested this change by booting a
Trusty kernel with this commit applied.
Tyler
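The protection this CVE concerns keys an authorization on a (pid, start_time, uid) tuple read from /proc. The following is an added example, not code from the patch or from polkit: it parses /proc/<pid>/stat correctly (start_time is field 22, and the comm field may contain spaces and parentheses, so a naive split() misreads it) and assembles the tuple a policy daemon compares. It assumes a Linux /proc layout; the sample stat line is constructed.

```python
import os

# Constructed /proc/<pid>/stat line (not from the page). The comm field is
# deliberately "(a) b)" so that a plain str.split() would shift every field.
SAMPLE_STAT = ("4242 ((a) b)) S 1 4242 4242 0 -1 4194560 100 0 0 0 3 1 0 0 "
               "20 0 1 0 987654 12288000 500 0 0 0 0 0 0 0 0 0 0 0 0 0")

PROC_AVAILABLE = os.path.exists("/proc/self/stat")


def parse_stat(stat_text):
    """Return (pid, comm, start_time) from the text of /proc/<pid>/stat.

    comm is delimited by the first '(' and the LAST ')', because a process
    name may itself contain spaces or ')'. Everything after the last ')' is
    whitespace-separated, starting at field 3 (state), so start_time
    (field 22, in clock ticks since boot) is index 19 of that remainder.
    """
    lparen = stat_text.index("(")
    rparen = stat_text.rindex(")")
    pid = int(stat_text[:lparen].strip())
    comm = stat_text[lparen + 1:rparen]
    rest = stat_text[rparen + 1:].split()
    start_time = int(rest[19])
    return pid, comm, start_time


def read_uid(pid):
    """Real uid of the process, from the Uid: line of /proc/<pid>/status."""
    with open(f"/proc/{pid}/status") as status:
        for line in status:
            if line.startswith("Uid:"):
                return int(line.split()[1])
    raise ValueError(f"no Uid: line for pid {pid}")


def process_identity(pid):
    """The (pid, start_time, uid) tuple used to tell a process apart from a
    later one that reuses its pid. Note the uid is part of the key: the
    advisory attributes the bypass to a missing uid check, so comparing pid
    and start_time alone is not enough."""
    with open(f"/proc/{pid}/stat") as stat:
        _, _, start_time = parse_stat(stat.read())
    return pid, start_time, read_uid(pid)


def self_identity():
    return process_identity(os.getpid())


if __name__ == "__main__":
    print(parse_stat(SAMPLE_STAT))
    if PROC_AVAILABLE:
        print(self_identity())
```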