Hello,

a GLSA is in the works, but I decided that this ought to be posted in
any case, for the benefit of the list :)

Just about every set of 2.4 based kernel sources that was in Portage up
until very recently was discovered to be vulnerable to a nasty root
exploit described here:
http://isec.pl/vulnerabilities/isec-0012-do_brk.txt

Note that WOLK-4.10-pre7 is the only kernel that was not affected. If
you have been using any other 2.4 kernel then it is strongly recommended
that you emerge sync, then re-emerge the sources in question
immediately. You do _not_ need to bump the version to be safe. If you
are not using Portage to manage your sources then apply the following
patch:

--- a/mm/mmap.c Fri Sep 12 06:44:06 2003 |
+++ b/mm/mmap.c Thu Oct 2 01:18:19 2003 |
@@ -1041,6 +1041,9 @@ |
if (!len) |
return addr; |
|
+ if ((addr + len) > TASK_SIZE || (addr + len) < addr) |
+ return -EINVAL; |
+ |
/* |
* mlock MCL_FUTURE? |
*/ |
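
Review bot: The new test "if ((addr + len) > TASK_SIZE || (addr + len) < addr)" has no comment, and its second half only works as a wraparound check if addr and len are unsigned, which these lines do not show. Confirm the types in the function signature, and add a one-line comment above the test saying that it rejects ranges that end above TASK_SIZE or that wrap past the top of the address space. Its position after the "if (!len)" early return is fine, since a zero length cannot extend the range.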

This patch is the one that has been applied to every single sources
ebuild in Portage, aside from wolk-sources-4.10-pre7. In actual fact,
Marc-Christian Peterson seems to have put in much saner checks in mmap.c
from the wolk-sources (for some time now :-p), so I will probably come
up with an alternate patch myself based on his mmap code, and post it
here.

Regards,

--Kerin Francis Millar