Raspberry Pi Forums

Posted: **Fri Oct 21, 2016 4:13 pm**

Is there a fix for the 'dirty cow' bug in the Raspian code base? I have several devices running and this issue sounds like a serious one but I was not sure where I should look to find out about the latest patches. If you know where I can look for those please just let me know. Thanks.

Posted: **Fri Oct 21, 2016 4:52 pm**

sudo rpi-update includes a commit https://github.com/raspberrypi/linux/co ... 52b94d22fb that updates the COW processing in the 4.4.26 kernel.

Posted: **Fri Oct 21, 2016 5:05 pm**

https://github.com/raspberrypi/linux/issues/1694

Posted: **Sat Oct 22, 2016 12:59 am**

Great news, thx... time to update!

DougieLawson wrote:sudo rpi-update includes a commit https://github.com/raspberrypi/linux/co ... 52b94d22fb that updates the COW processing in the 4.4.26 kernel.

Posted: **Sun Oct 23, 2016 7:10 am**

DougieLawson wrote:sudo rpi-update includes a commit https://github.com/raspberrypi/linux/co ... 52b94d22fb that updates the COW processing in the 4.4.26 kernel.

Hi there, can I update Raspbian Wheezy with the same command?
Wheezy is 3.10.25+ kernel but Dougie commented that this fix is for 4.4.26.

Posted: **Sun Oct 23, 2016 7:49 am**

miamia wrote:
DougieLawson wrote:sudo rpi-update includes a commit https://github.com/raspberrypi/linux/co ... 52b94d22fb that updates the COW processing in the 4.4.26 kernel.
Hi there, can I update Raspbian Wheezy with the same command?
Wheezy is 3.10.25+ kernel but Dougie commented that this fix is for 4.4.26.

Wheezy is end of life, but in Wheezy the only way to update kernel / firmware is to run:

Code: Select all

sudo rpi-update

So give it a try and hope !

Code: Select all

uname -a

Posted: **Sun Oct 23, 2016 7:59 am**

This exploit only affects systems where the attacker can gain access (as any user) to run code directly. It isn't one where there is a "backdoor" method of gaining access.

If you have secured your Pi properly (at the very least change default the "pi" password), you're very unlikely to be affected.

If your haven't secured your Pi by changing the password and you have it connected directly to the internet (not via a router), you have a lot more to worry about than this exploit.

Most people will have routers that block incoming connections and should be safe.

Posted: **Sun Oct 23, 2016 7:50 pm**

rpdom wrote:This exploit only affects systems where the attacker can gain access (as any user) to run code directly. It isn't one where there is a "backdoor" method of gaining access.

This is a pretty dumb statement. Dirty Cow allows any local user to gain root privileges. Bad enough.
I don't know what your understanding of security is. If somebody compromises my web server (let's say, a
remote code execution backdoor or bug), yes, this person
could (under normal circumstances) probably delete some/most of my website, look at all my www files, but
would not be able to reboot or load a kernel driver or whatever root can do and others can't.
He couldn't even steal my private keys!

If you have secured your Pi properly (at the very least change default the "pi" password), you're very unlikely to be affected.

Wow, this is 2016 and the only security measure we need is change the default password. And then
we call this "properly securing your pi".
You're probably using a properly secured Windows XP and Ubuntu in a VM and are part of the big
DDoS attacks we could see in the past few months without even knowing...

This bug is already exploited in the wild! This is how they spotted it.
It took my raspberry pi offline and I wait for a kernel update or maybe I'll go through the pain and build it myself.

I hope a fix comes soon, it's literally two lines. Is this so hard to do? Or is this too much to ask for?

Posted: **Mon Oct 24, 2016 3:00 pm**

wqtr3: read the github issue. rpi-update contains the fix, the raspberrypi-kernel package will be updated in due course.

ShiftPlusOne wrote:https://github.com/raspberrypi/linux/issues/1694

Posted: **Mon Oct 24, 2016 3:05 pm**

It has been pushed already. It's just that it take a little while for it to show up in the repo.

Posted: **Tue Oct 25, 2016 1:13 pm**

I have several pi's and have just tried to update them all
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo apt-get install raspberrypi-kernel

All but one are fine, but on that one I get
E: Unable to locate package raspberrypi-kernel

On that one I also ran
sudo rpi-update
but I still get the same problem

Any idea how to fix this?

Posted: **Tue Oct 25, 2016 1:19 pm**

micksulley wrote:I have several pi's and have just tried to update them all
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo apt-get install raspberrypi-kernel

All but one are fine, but on that one I get
E: Unable to locate package raspberrypi-kernel

On that one I also ran
sudo rpi-update
but I still get the same problem

Any idea how to fix this?

Output of 'apt-cache policy'?

Posted: **Tue Oct 25, 2016 1:49 pm**

Code: Select all

gene@pi-geneweb ~ $ apt-cache policy
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 http://archive.raspberrypi.org/debian/ wheezy/main armhf Packages
     release o=Raspberry Pi Foundation,a=oldstable,n=wheezy,l=Raspberry Pi Foundation,c=main
     origin archive.raspberrypi.org
 500 http://raspberrypi.collabora.com/ wheezy/rpi armhf Packages
     release o=Collabora,n=wheezy,l=Collabora Raspberry Pi graphics enablement,c=rpi
     origin raspberrypi.collabora.com
 500 http://mirrordirector.raspbian.org/raspbian/ wheezy/rpi armhf Packages
     release v=7.0,o=Raspbian,a=oldstable,n=wheezy,l=Raspbian,c=rpi
     origin mirrordirector.raspbian.org
 500 http://mirrordirector.raspbian.org/raspbian/ wheezy/non-free armhf Packages
     release v=7.0,o=Raspbian,a=oldstable,n=wheezy,l=Raspbian,c=non-free
     origin mirrordirector.raspbian.org
 500 http://mirrordirector.raspbian.org/raspbian/ wheezy/contrib armhf Packages
     release v=7.0,o=Raspbian,a=oldstable,n=wheezy,l=Raspbian,c=contrib
     origin mirrordirector.raspbian.org
 500 http://mirrordirector.raspbian.org/raspbian/ wheezy/main armhf Packages
     release v=7.0,o=Raspbian,a=oldstable,n=wheezy,l=Raspbian,c=main
     origin mirrordirector.raspbian.org
Pinned packages:
gene@pi-geneweb ~ $

Posted: **Tue Oct 25, 2016 2:00 pm**

We don't support wheezy. rpi-update alone should be enough to fix the bug, but I can't promise that it will work.

Posted: **Tue Oct 25, 2016 2:26 pm**

I'm not sure how this has happened, I looked at the others as well and they are Jessie. How can I upgrade this one to Jessie? I tried
sudo apt-get dist-upgrade
but it says nothing to upgrade.

Posted: **Tue Oct 25, 2016 2:29 pm**

Make sure you have a backup before you start.
viewtopic.php?f=66&t=121880

Posted: **Wed Oct 26, 2016 12:09 pm**

https://www.raspberrypi.org/blog/fix-di ... pberry-pi/

Posted: **Wed Oct 26, 2016 12:26 pm**

micksulley wrote:.........
sudo apt-get install raspberrypi-kernel

All but one are fine, but on that one I get
E: Unable to locate package raspberrypi-kernel

On that one I also ran
sudo rpi-update
but I still get the same problem

Any idea how to fix this?

Do not do that command. It's not needed even if it did work.
Simply do the following and the new kernel will be installed.

Code: Select all

sudo apt-get update
sudo apt-get upgrade

Raspberry Pi Forums

Dirty Cow bug fix in place?

Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?

Re: Dirty Cow bug fix in place?