On Mon, Jun 02, 2025 at 11:09:05AM +0200, Christian Brauner wrote: > On Fri, May 30, 2025 at 10:44:16AM +0100, Luca Boccassi wrote: > > Dear stable maintainer(s), > > > > The following series was merged for 6.16: > > > > https://lore.kernel.org/all/20250414-work-coredump-v2-0-685bf231f828@xxxxxxxxxx/ > > > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c57f07b235871c9e5bffaccd458dca2d9a62b164 > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95c5f43181fe9c1b5e5a4bd3281c857a5259991f > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b5325b2a270fcaf7b2a9a0f23d422ca8a5a8bdea > > > > This allows the userspace coredump handler to get a PIDFD referencing > > the crashed process. > > > > We have discovered that there are real world exploits that can be used > > to trick coredump handling userspace software to act on foreign > > processes due to PID reuse attacks: > > > > https://security-tracker.debian.org/tracker/CVE-2025-4598 > > > > We have fixed the worst case scenario, but to really and > > comprehensively fix the whole problem we need this new %F option. We > > have backported the userspace side to the systemd stable branch. Would > > it be possible to backport the above 3 patches to at least the 6.12 > > series, so that the next Debian stable can be fully covered? The first > > two are small bug fixes so it would be good to have them, and the > > third one is quite small and unless explicitly configured in the > > core_pattern, it will be inert, so risk should be low. > > I agree that we should try and backport this if Greg agrees we can do > this. v6.15 will be easy to do. Further back might need some custom work > though. Let's see what Greg thinks. Yes, seems like a good thing to backport to at least 6.12.y if possible. Is it just the above 3 commits? thanks, greg k-h
