The so-called venom CVE-2015-3456 bug has been public for a little while, so go patch your copy of qemu etc.

What's that? You can't, but are interested in a systemtap band-aid? You've come to the right place. Behold:


global noted%

probe process("/usr/bin/qemu-system-*").function("fdctrl_write") {
  # keep the port's upper bits, force the low three to 6: a register
  # offset fdctrl_write ignores (writing $reg needs stap -g guru mode)
  $reg = (($reg & ~7) | 6) # replace register address with 0x__6
  if (!noted[pid()]) { noted[pid()]=1; println("defanging fdc writes, pid=", pid()) }
}

Running it will affect all current and future qemu-system-* processes (for as long as the systemtap script is alive). The -g (guru mode) flag is required because the script writes to a target variable. You will also need the qemu-debuginfo package installed, so systemtap can resolve the fdctrl_write function and its reg parameter.


# stap -g antivenom.stp
defanging fdc writes, pid=21911
[...]
^C

As usual, this band-aid works by altering data of the vulnerable program during its execution, not modifying control flow or program text. It is a blunt instrument - completely disabling the floppy-controller emulation, by redirecting I/O to a port number that the emulator harmlessly rejects.

A more surgical correction, permitting I/O but manually wrapping around the FIFO pointers (as the upstream qemu fix does), may be possible. One option would be to insert probes that modify the fdctrl->data_pos variable used to calculate indexes into the fdctrl->fifo[] array (and then restore it). This seemed a little trickier, but if someone needs a functional FDC emulation and a systemtap-based band-aid, such an approach could probably be made to work. Prototypes welcome!
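The following is an added toy model (not qemu code and not part of the original post) of the two approaches above: the stap script's register masking and the upstream-style pointer wrap-around. It assumes the standard FDC port block 0x3F0..0x3F7, qemu's layout where offset 5 is the FIFO data register and offset 6 has no handler, and a FIFO of 512 bytes; the real emulator's structures and sizes differ.

```c
#include <stdbool.h>
#include <stdint.h>

#define FIFO_LEN 512   /* toy FIFO size; only the index arithmetic matters here */
#define FD_REG_FIFO 5  /* offset of the data/FIFO register (assumed, as in qemu's fdc.c) */

enum outcome { STORED, DROPPED_NO_HANDLER, OUT_OF_BOUNDS };

struct toy_fdc {
    uint8_t fifo[FIFO_LEN];
    uint32_t data_pos;   /* guest-influenced write index into fifo[] */
};

/* The blunt band-aid from the stap script: keep the high bits of the port,
 * force the low three bits to 6, an offset the dispatch below ignores. */
uint32_t defang_reg(uint32_t reg)
{
    return (reg & ~7u) | 6u;
}

/* The surgical alternative: wrap the FIFO pointer before using it as an index. */
uint32_t wrap_pos(uint32_t pos)
{
    return pos % FIFO_LEN;
}

/* Toy model of fdctrl_write: only the FIFO register stores data and offset 6
 * falls through to default. With wrap=false the model refuses an out-of-range
 * index instead of overflowing, which is the check the unfixed code lacked. */
enum outcome toy_fdctrl_write(struct toy_fdc *f, uint32_t reg, uint8_t value, bool wrap)
{
    switch (reg & 7) {
    case FD_REG_FIFO:
        if (wrap)
            f->data_pos = wrap_pos(f->data_pos);
        if (f->data_pos >= FIFO_LEN)
            return OUT_OF_BOUNDS;
        f->fifo[f->data_pos++] = value;
        return STORED;
    default:
        return DROPPED_NO_HANDLER;
    }
}

/* One write to `reg` with the FIFO pointer already at the end of the buffer,
 * optionally passed through the defang mask or the wrap-around fix. */
enum outcome scenario(uint32_t reg, bool defang, bool wrap)
{
    struct toy_fdc f = { .data_pos = FIFO_LEN };
    return toy_fdctrl_write(&f, defang ? defang_reg(reg) : reg, 0xAA, wrap);
}
```

scenario(0x3f5, false, false) reaches the out-of-range write, scenario(0x3f5, true, false) is dropped because the masked offset has no handler, and scenario(0x3f5, false, true) stores the byte at a wrapped index.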

Posted Wed May 20 13:54:00 2015 Tags:

The Ontario public school system's standardized tests have been cancelled for this year for most elementary schools. Teacher unions and others ideologically opposed to such testing are not bothering to shed even crocodile tears. What's funny this time around is that the political party in charge of the province is one of those opposed to testing, so they will not stoop to applying pressure. Repealing the enabling legislation is perhaps too overt, so this sort of pretend-powerlessness excuse will do just fine.

Those of us who were hoping to get the data will be doubly out of luck: no test results but still paying the taxes for it.

Posted Mon May 25 09:23:00 2015 Tags: