Gentoo Archives: gentoo-hardened

From: Alex Howells <astinus@g.o>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] latest kernel exploit patch for vmsplice coming?
Date: Sun, 10 Feb 2008 22:32:22
Message-Id: a4020f860802101432s46a3ab58xa32889563d2ecc77@mail.gmail.com
In Reply to: [gentoo-hardened] latest kernel exploit patch for vmsplice coming? by Mike Rellion
On 10/02/2008, Mike Rellion <m.rellion@×××××.com> wrote:
> With this latest root exploit getting a lot of attention will we get a
> hardened patch for this soon?
>
> There is a runtime fix at:
> http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c
> but grsec sadly prevents the runtime fix from running for those of us
> running it as it denies kmem writing. We could recompile without grsec to
> apply this runtime patch but that is certainly a hack.

I wasn't sure we needed a special patch?

Every single box I've tried this exploit on, ranging from
hardened-sources-2.6.17 through to hardened-sources-2.6.23, it's been
nailed. Could just be my kernel configuration?
--
gentoo-hardened@l.g.o mailing list
