Tiny Core Linux
Tiny Core Base => TCB Bugs => Topic started by: quest on March 08, 2022, 08:40:35 AM
-
With TinyCore Linux extensively utilizing read-only filesystems, I wonder what impact the recently announced DirtyPipe vulnerability in the Linux kernel will have on it.
More info here: https://lwn.net/Articles/887056/
Will there by updates to TinyCore for patched versions of the kernel? Only for 13.x or will prior versions be covered too?
-
https://arstechnica.com/information-technology/2022/03/linux-has-been-bitten-by-its-most-high-severity-vulnerability-in-years/
sharing is caring
-
It's a serious bug, but it's local. Someone needs to be able to run a program on your computer. As such, there probably won't be a mid-release kernel update for 13.x.
TC is typically not used for multi-user restricted systems, where this would be a larger concern.
-
I anyone is interested,
I have made a CorePure64-13.0.iso having kernel 5.15.27 and same modules as the (official) latest TinyCore release.
Build from scratch, sources from kernel.org
The DirtyPipe is fixed on this one.
Filesize: 20MB
-
https://arstechnica.com/information-technology/2022/03/researcher-uses-dirty-pipe-exploit-to-fully-root-a-pixel-6-pro-and-samsung-s22/
sharing is caring
-
excellent work by Max Kellermann on dirtypipe - grab your favorite beverage/snack/etc and enjoy!
https://dirtypipe.cm4all.com/
hat-tip: https://etbe.coker.com.au/
sharing is caring
20220331-0459am - modified - added hat-tip
-
more:
https://arstechnica.com/gadgets/2022/04/it-looks-like-pixel-6-users-have-to-wait-another-month-for-a-dirty-pipe-fix/
sharing is caring