Dirty Cow bug fix in place?

Posted: Fri Oct 21, 2016 4:13 pm
by JavaDevGuy
Is there a fix for the 'dirty cow' bug in the Raspbian code base? I have several devices running and this issue sounds like a serious one but I was not sure where I should look to find out about the latest patches. If you know where I can look for those please just let me know. Thanks.

Re: Dirty Cow bug fix in place?

Posted: Fri Oct 21, 2016 4:52 pm
by DougieLawson
sudo rpi-update includes a commit https://github.com/raspberrypi/linux/co ... 52b94d22fb that updates the COW processing in the 4.4.26 kernel.

Re: Dirty Cow bug fix in place?

Posted: Fri Oct 21, 2016 5:05 pm
by ShiftPlusOne

Re: Dirty Cow bug fix in place?

Posted: Sat Oct 22, 2016 12:59 am
by JavaDevGuy
Great news, thx... time to update!
DougieLawson wrote:sudo rpi-update includes a commit https://github.com/raspberrypi/linux/co ... 52b94d22fb that updates the COW processing in the 4.4.26 kernel.

Re: Dirty Cow bug fix in place?

Posted: Sun Oct 23, 2016 7:10 am
by miamia
DougieLawson wrote:sudo rpi-update includes a commit https://github.com/raspberrypi/linux/co ... 52b94d22fb that updates the COW processing in the 4.4.26 kernel.
Hi there, can I update Raspbian Wheezy with the same command?
Wheezy is 3.10.25+ kernel but Dougie commented that this fix is for 4.4.26.

Re: Dirty Cow bug fix in place?

Posted: Sun Oct 23, 2016 7:49 am
by fruitoftheloom
miamia wrote:
DougieLawson wrote:sudo rpi-update includes a commit https://github.com/raspberrypi/linux/co ... 52b94d22fb that updates the COW processing in the 4.4.26 kernel.
Hi there, can I update Raspbian Wheezy with the same command?
Wheezy is 3.10.25+ kernel but Dougie commented that this fix is for 4.4.26.
Wheezy is end of life, but in Wheezy the only way to update kernel / firmware is to run:

Code:

sudo rpi-update
So give it a try and hope!

Code:

uname -a

Re: Dirty Cow bug fix in place?

Posted: Sun Oct 23, 2016 7:59 am
by rpdom
This exploit only affects systems where the attacker can gain access (as any user) to run code directly. It isn't one where there is a "backdoor" method of gaining access.

If you have secured your Pi properly (at the very least change the default "pi" password), you're very unlikely to be affected.

If you haven't secured your Pi by changing the password and you have it connected directly to the internet (not via a router), you have a lot more to worry about than this exploit.

Most people will have routers that block incoming connections and should be safe.

Re: Dirty Cow bug fix in place?

Posted: Sun Oct 23, 2016 7:50 pm
by wqtr3
rpdom wrote:This exploit only affects systems where the attacker can gain access (as any user) to run code directly. It isn't one where there is a "backdoor" method of gaining access.
This is a pretty dumb statement. Dirty Cow allows any local user to gain root privileges. Bad enough.
I don't know what your understanding of security is. If somebody compromises my web server (let's say, a remote code execution backdoor or bug), yes, this person could (under normal circumstances) probably delete some/most of my website, look at all my www files, but would not be able to reboot or load a kernel driver or whatever root can do and others can't.
He couldn't even steal my private keys!
If you have secured your Pi properly (at the very least change the default "pi" password), you're very unlikely to be affected.
Wow, this is 2016 and the only security measure we need is change the default password. And then we call this "properly securing your pi".
You're probably using a properly secured Windows XP and Ubuntu in a VM and are part of the big DDoS attacks we could see in the past few months without even knowing...

This bug is already exploited in the wild! This is how they spotted it.
It took my raspberry pi offline and I wait for a kernel update or maybe I'll go through the pain and build it myself.

I hope a fix comes soon, it's literally two lines. Is this so hard to do? Or is this too much to ask for?

Re: Dirty Cow bug fix in place?

Posted: Mon Oct 24, 2016 3:00 pm
by jdb
wqtr3: read the github issue. rpi-update contains the fix, the raspberrypi-kernel package will be updated in due course.

Re: Dirty Cow bug fix in place?

Posted: Mon Oct 24, 2016 3:05 pm
by ShiftPlusOne
It has been pushed already. It's just that it takes a little while for it to show up in the repo.

Re: Dirty Cow bug fix in place?

Posted: Tue Oct 25, 2016 1:13 pm
by micksulley
I have several pi's and have just tried to update them all
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo apt-get install raspberrypi-kernel

All but one are fine, but on that one I get
E: Unable to locate package raspberrypi-kernel

On that one I also ran
sudo rpi-update
but I still get the same problem

Any idea how to fix this?

Re: Dirty Cow bug fix in place?

Posted: Tue Oct 25, 2016 1:19 pm
by ShiftPlusOne
micksulley wrote:I have several pi's and have just tried to update them all
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo apt-get install raspberrypi-kernel

All but one are fine, but on that one I get
E: Unable to locate package raspberrypi-kernel

On that one I also ran
sudo rpi-update
but I still get the same problem

Any idea how to fix this?
Output of 'apt-cache policy'?

Re: Dirty Cow bug fix in place?

Posted: Tue Oct 25, 2016 1:49 pm
by micksulley

Code:

gene@pi-geneweb ~ $ apt-cache policy
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 http://archive.raspberrypi.org/debian/ wheezy/main armhf Packages
     release o=Raspberry Pi Foundation,a=oldstable,n=wheezy,l=Raspberry Pi Foundation,c=main
     origin archive.raspberrypi.org
 500 http://raspberrypi.collabora.com/ wheezy/rpi armhf Packages
     release o=Collabora,n=wheezy,l=Collabora Raspberry Pi graphics enablement,c=rpi
     origin raspberrypi.collabora.com
 500 http://mirrordirector.raspbian.org/raspbian/ wheezy/rpi armhf Packages
     release v=7.0,o=Raspbian,a=oldstable,n=wheezy,l=Raspbian,c=rpi
     origin mirrordirector.raspbian.org
 500 http://mirrordirector.raspbian.org/raspbian/ wheezy/non-free armhf Packages
     release v=7.0,o=Raspbian,a=oldstable,n=wheezy,l=Raspbian,c=non-free
     origin mirrordirector.raspbian.org
 500 http://mirrordirector.raspbian.org/raspbian/ wheezy/contrib armhf Packages
     release v=7.0,o=Raspbian,a=oldstable,n=wheezy,l=Raspbian,c=contrib
     origin mirrordirector.raspbian.org
 500 http://mirrordirector.raspbian.org/raspbian/ wheezy/main armhf Packages
     release v=7.0,o=Raspbian,a=oldstable,n=wheezy,l=Raspbian,c=main
     origin mirrordirector.raspbian.org
Pinned packages:
gene@pi-geneweb ~ $ 

Re: Dirty Cow bug fix in place?

Posted: Tue Oct 25, 2016 2:00 pm
by ShiftPlusOne
We don't support wheezy. rpi-update alone should be enough to fix the bug, but I can't promise that it will work.

Re: Dirty Cow bug fix in place?

Posted: Tue Oct 25, 2016 2:26 pm
by micksulley
I'm not sure how this has happened, I looked at the others as well and they are Jessie. How can I upgrade this one to Jessie? I tried
sudo apt-get dist-upgrade
but it says nothing to upgrade.

Re: Dirty Cow bug fix in place?

Posted: Tue Oct 25, 2016 2:29 pm
by ShiftPlusOne
Make sure you have a backup before you start.
viewtopic.php?f=66&t=121880

Re: Dirty Cow bug fix in place?

Posted: Wed Oct 26, 2016 12:09 pm
by fruitoftheloom

Re: Dirty Cow bug fix in place?

Posted: Wed Oct 26, 2016 12:26 pm
by klricks
micksulley wrote:.........
sudo apt-get install raspberrypi-kernel

All but one are fine, but on that one I get
E: Unable to locate package raspberrypi-kernel

On that one I also ran
sudo rpi-update
but I still get the same problem

Any idea how to fix this?
Do not do that command. It's not needed even if it did work.
Simply do the following and the new kernel will be installed.

Code:

sudo apt-get update
sudo apt-get upgrade
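
Added example, not part of the thread and not written by any of the posters: a small triage script for someone with several Pis, combining the two checks used above (`uname` for the kernel, `apt-cache policy` for the release). It assumes, from the first reply, that 4.4.26 is the first fixed kernel; the function names, the action labels and the jessie sample are constructed for illustration, and a plain version comparison cannot see fixes backported to older kernel branches.

```shell
#!/bin/sh
# Added example (not from the thread): triage one Pi for the Dirty COW kernel fix.
# Assumption taken from the thread: the fixed rpi-update kernel is 4.4.26.
FIXED_KERNEL="4.4.26"

# kernel_at_least RELEASE MIN: succeeds if RELEASE (e.g. "4.4.26-v7+") >= MIN.
kernel_at_least() {
    rel=${1%%[!0-9.]*}      # strip suffixes such as "+" or "-v7+"
    min=$2
    old_ifs=$IFS; IFS=.
    set -- $rel; r1=${1:-0}; r2=${2:-0}; r3=${3:-0}
    set -- $min; m1=${1:-0}; m2=${2:-0}; m3=${3:-0}
    IFS=$old_ifs
    [ $(( r1 * 1000000 + r2 * 1000 + r3 )) -ge $(( m1 * 1000000 + m2 * 1000 + m3 )) ]
}

# apt_suites: read `apt-cache policy` output on stdin, print the unique n= codenames.
apt_suites() {
    sed -n 's/.*[ ,]n=\([^,]*\).*/\1/p' | sort -u
}

# triage RELEASE: reads policy output on stdin, prints "<suites>|<release>|<action>".
triage() {
    suites=$(apt_suites | tr '\n' ' ')
    suites=${suites% }
    if kernel_at_least "$1" "$FIXED_KERNEL"; then
        action="kernel-ok"
    else
        case " $suites " in
            # In the thread, wheezy could not locate the raspberrypi-kernel package.
            *" wheezy "*) action="rpi-update-only" ;;
            *)            action="apt-get-upgrade" ;;
        esac
    fi
    printf '%s|%s|%s\n' "${suites:-unknown}" "$1" "$action"
}

# Release lines copied from the apt-cache policy output posted in the thread.
WHEEZY_POLICY=' 500 http://archive.raspberrypi.org/debian/ wheezy/main armhf Packages
     release o=Raspberry Pi Foundation,a=oldstable,n=wheezy,l=Raspberry Pi Foundation,c=main
 500 http://mirrordirector.raspbian.org/raspbian/ wheezy/main armhf Packages
     release v=7.0,o=Raspbian,a=oldstable,n=wheezy,l=Raspbian,c=main'
# Constructed sample for a jessie system (not from the thread).
JESSIE_POLICY='     release v=8.0,o=Raspbian,a=stable,n=jessie,l=Raspbian,c=main'

# Demo; the 4.4.21-v7+ release string is constructed.
printf '%s\n' "$WHEEZY_POLICY" | triage "3.10.25+"
printf '%s\n' "$JESSIE_POLICY" | triage "4.4.21-v7+"
printf '%s\n' "$JESSIE_POLICY" | triage "4.4.26-v7+"
```

On a real device the same check is `apt-cache policy | triage "$(uname -r)"`, run after a reboot so that `uname` reports the newly installed kernel.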