FS#57931 - [ndiswrapper][ndiswrapper-dkms] It's dead, please drop from the repos
Attached to Project:
Community Packages
Opened by loqs (loqs) - Friday, 23 March 2018, 21:10 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:00 GMT
Opened by loqs (loqs) - Friday, 23 March 2018, 21:10 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:00 GMT
|
Details
Description:
ndiswrapper includes assembler using an indirect call. The retpoline security feature of the kernel can be compromised by such calls. As noted https://bbs.archlinux.org/viewtopic.php?pid=1774623#p1774623 by Rookie the driver ndiswrapper invokes could also do the same or introduce other security issues. Steps to reproduce: build the ndiswrapper driver using a kernel containing https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=40693bd709b5f13365047a9b56f3adda690bc774 which include 4.14.27, 4.15.10+ and 4.16-rc4+ ./tools/objtool/objtool orc generate --module --no-fp --retpoline "/tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o"; /tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o: warning: objtool: lin2win0()+0x8: indirect call found in RETPOLINE build /tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o: warning: objtool: lin2win1()+0xb: indirect call found in RETPOLINE build /tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o: warning: objtool: lin2win2()+0xb: indirect call found in RETPOLINE build /tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o: warning: objtool: lin2win3()+0xe: indirect call found in RETPOLINE build /tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o: warning: objtool: lin2win4()+0x11: indirect call found in RETPOLINE build /tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o: warning: objtool: lin2win5()+0x16: indirect call found in RETPOLINE build /tmp/community/trunk/src/ndiswrapper-1.61/ndiswrapper/driver/lin2win.o: warning: objtool: lin2win6()+0x20: indirect call found in RETPOLINE build it is detected seven times as the macro is expanded to seven functions lin2win lin2win0, 0 lin2win lin2win1, 1 lin2win lin2win2, 2 lin2win lin2win3, 3 lin2win lin2win4, 4 lin2win lin2win5, 5 lin2win lin2win6, 6 Earlier kernels lack the detection pass but would still be vulnerable. |
This task depends upon
Closed by Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:00 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/p ackaging/packages/ndiswrapper/issues/1
Saturday, 25 November 2023, 20:00 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/p ackaging/packages/ndiswrapper/issues/1
Or would you rather I open a separate report to suggest ndiswrapper be dropped in the spring clean?
[1] make.log.1
[2] make.log.2
make.log.2 (23.5 KiB)