How recently is "very recently"?

On Thu, 2003-12-04 at 13:44, Kerin Millar wrote:
> Hello,
>
> a GLSA is in the works, but I decided that this ought to be posted in
> any case, for the benefit of the list :)
>
> Just about every set of 2.4 based kernel sources that was in Portage up
> until very recently was discovered to be vulnerable to a nasty root
> exploit described here:
> http://isec.pl/vulnerabilities/isec-0012-do_brk.txt
>
> Note that WOLK-4.10-pre7 is the only kernel that was not affected. If
> you have been using any other 2.4 kernel then it is strongly recommended
> that you emerge sync, then re-emerge the sources in question
> immediately. You do _not_ need to bump the version to be safe. If you
> are not using Portage to manage your sources then apply the following
> patch:
>
> --- a/mm/mmap.c Fri Sep 12 06:44:06 2003 |
> +++ b/mm/mmap.c Thu Oct 2 01:18:19 2003 |
> @@ -1041,6 +1041,9 @@ |
> if (!len) |
> return addr; |
> |
> + if ((addr + len) > TASK_SIZE || (addr + len) < addr) |
> + return -EINVAL; |
> + |
> /* |
> * mlock MCL_FUTURE? |
> */ |
>
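
Review bot: the added `if ((addr + len) > TASK_SIZE || (addr + len) < addr)` test has no comment saying what it guards, and it depends on `addr + len` wrapping around, which only works if both are unsigned (their declarations are outside this hunk). A one-line comment stating that the range must stay below TASK_SIZE would help, and writing the test as `len > TASK_SIZE || addr > TASK_SIZE - len` gives the same result without relying on overflow. The check also sits after the `if (!len) return addr;` early return, so a zero-length call returns addr without any bounds test; if that is intended, the comment should say so.
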
> This patch is the one that has been applied to every single sources
> ebuild in Portage, aside from wolk-sources-4.10-pre7. In actual fact,
> Marc-Christian Peterson seems to have put in much saner checks in mmap.c
> from the wolk-sources (for some time now :-p), so I will probably come
> up with an alternate patch myself based on his mmap code, and post it
> here.
>
> Regards,
>
> --Kerin Francis Millar
--
Matthew Baxa <mbaxa@×××××××.edu>
Applications Services Assistant
K-State University Office of Mediated Education
http://www.dce.ksu.edu