Gentoo Linux -- List Archive: gentoo-hardened

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647

List Archive: gentoo-hardened

Navigation:

Lists: gentoo-hardened: < Prev By Thread Next > < Prev By Date Next >

Headers:

To:	gentoo-hardened@g.o
From:	"Francesco R.(vivo)" <vivo75@...>
Subject:	Re: Interesting: CVE-2012-0056
Date:	Tue, 24 Jan 2012 02:35:39 +0100

On Tuesday 24 January 2012 00:49:19 Tóth Attila wrote:
> Please take a look at on this exploit:
> http://blog.zx2c4.com/749
> It is interesting to think about /proc/pid/mem protection and about
> building su with PIE enabled...
> 
> Regards:
> Dw.

BTW this in "vanilla" gentoo does not work because of the permission of the su 
file:
ls -l /usr/bin/su
-rws--x--x 1 root root 36776 18 gen 21.31 /usr/bin/su

readelf cannot read the address, but there can be other ways to access the 
binary for example for group "disk"

hardened gentoo is un-affected as expected (but you already know)

Replies:

Re: Interesting: CVE-2012-0056
-- pageexec

Re: Interesting: CVE-2012-0056
-- Tóth Attila

References:

Interesting: CVE-2012-0056
-- Tóth Attila

Navigation:

Lists: gentoo-hardened: < Prev By Thread Next > < Prev By Date Next >

Previous by thread:

Interesting: CVE-2012-0056

Next by thread:

Re: Interesting: CVE-2012-0056

Previous by date:

Interesting: CVE-2012-0056

Next by date:

Re: Interesting: CVE-2012-0056

Updated Jun 28, 2012

Summary: Archive of the gentoo-hardened mailing list.

Donate to support our development efforts.