Re: cpio RCE Exploit Caused by Integer Overflow
From: Salvatore Bonaccorso
Subject: Re: cpio RCE Exploit Caused by Integer Overflow
Date: Sat, 21 Aug 2021 20:56:39 +0200
Hi,
On Tue, Aug 17, 2021 at 07:39:31AM +0200, Sergey Poznyakoff wrote:
> Hi Juerg,
>
> > While the hang is gone I'm still seeing a regression when building an Ubuntu
> > kernel:
>
> I can't reproduce it. Can you send me output of this command:
>
> > find . -path './debian' -prune -o -path './debian.raspi' -prune \
> > -o -path './include/*' -prune \
> > -o -path './scripts/*' -prune -o -type f \
> > \( -name 'Makefile*' -o -name 'Kconfig*' -o -name 'Kbuild*' -o \
> > -name '*.sh' -o -name '*.pl' -o -name '*.lds' \) \
> > -print
Nota bene: the following is purely experimental trying, the cause is not
pinpointed at all. But as we notice the very same with a kernel build
in Debian, playing around with the following:
$ zcat /tmp/list.gz | cpio -pd --preserve-modification-time
'/home/build/linux-5.10.46/debian/linux-headers-5.10.0-8-common-rt//usr/src/linux-headers-5.10.0-8-common-rt'
cpio: g-mssr.h: Cannot stat: No such file or directory
73156 blocks
$ zcat /tmp/list.gz | cpio -pd --preserve-modification-time
'/home/build/linux-5.10.46/debian/linux-headers-5.10.0-8-common-rt//usr/src/linux-headers-5.10.0-8-common-r'
cpio: -mssr.h: Cannot stat: No such file or directory
73156 blocks
$ zcat /tmp/list.gz | cpio -pd --preserve-modification-time
'/home/build/linux-5.10.46/debian/linux-headers-5.10.0-8-common-rt//usr/src/linux-headers-5.10.0-8-common-'
cpio: mssr.h: Cannot stat: No such file or directory
73156 blocks
$ zcat /tmp/list.gz | cpio -pd --preserve-modification-time
'/home/build/linux-5.10.46/debian/linux-headers-5.10.0-8-common-rt//usr/src/linux-headers-5.10.0-8-common'
cpio: ssr.h: Cannot stat: No such file or directory
73156 blocks
And attaching as well the list.gz as used.
Do we fill somewhere a fixed length buffer?
Regards,
Salvatore
Attachment: list.gz (application/gzip)