Gentoo Archives: gentoo-hardened

From: Robert Paskowitz <r2d2@g.o>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Re: [gentoo-security] about the recent ELF kernel bug
Date: Fri, 13 May 2005 14:45:17
Message-Id: 4284BD83.7010303@gentoo.org
In Reply to: [gentoo-hardened] Re: [gentoo-security] about the recent ELF kernel bug by antoine
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Did you make sure to change ulimit -c away from '0'? (The default)

antoine wrote:
> I failed to crash any of my test systems with that exploit, hardened or
> not. And no-one else seems to have confirmed that it does work.
> I can however crash x86_64 systems with another unfixed bug (up to
> 2.6.12-rc4).
>
> Antoine
>
> On Fri, 2005-05-13 at 15:09 +0100, Pedro Venda wrote:
>
>> hi everyone,
>>
>> Has anyone got a clue on how the proof-of-concept code should behave on
>> vulnerable and non-vulnerable machines?
>>
>> On a PaX+grsecurity hardened server, it outputs:
>>
>> [+] ./elfcd1 argv_start=0xb47b23d4 argv_end=0xb47b23dc ESP: 0xb47b1890
>> [+] phase 1
>> [+] AAAA argv_start=0xb5e0442e argv_end=0xb5e04432 ESP: 0xb5e03930
>> [+] phase2, <RET> to crash Killed
>>
>> and doesn't core-dump. Also it doesn't warn about the segmentation violation
>> process in the logs...
>>
>> On my laptop, a test server and 2 other workstations (standard 2.6.11.5-8
>> kernels) results are consistent but different from the hardened server:
>> pjlv@archon test $ ./elfcd1
>>
>> [+] ./elfcd1 argv_start=0xbfffeff7 argv_end=0xbfffefff ESP: 0xbfffedb0
>> [+] phase 1
>> [+] AAAA argv_start=0xbfff6fee argv_end=0xbfff6ff2 ESP: 0xbfff6e80
>> [+] phase 2, <RET> to crash Segmentation fault (core dumped)
>>
>> and core-dumps.
>>
>> any help? is the hardened server secure? I suppose so, since it didn't core
>> dump.
>>
>> regards,
>> pedro venda.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFChL2CZwjIiODIZ4oRAiXDAJ0ci101Dx/KRcCQcXsxt5hralewlQCcC5CJ
tc1hBT+hc2hh85hLjJJ605Y=
=xtdv
-----END PGP SIGNATURE-----
--
gentoo-hardened@g.o mailing list
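Robert's question points at a common source of confusion in the thread: the absence of a core file says nothing about the kernel if the shell's core-size limit is 0, which is the default. The script below is an added example, not code from the thread or from Gentoo; it reports the two settings that decide whether a crashing process leaves a core on a Linux host, the soft limit from `ulimit -c` and the kernel's `/proc/sys/kernel/core_pattern`. The function names and the "disabled/piped/file" verdict words are my own choices.

```shell
#!/bin/sh
# Added example (not from the thread): say whether a segfaulting process on
# this host would leave a core file before reading anything into "no core dump".

# core_dump_verdict LIMIT PATTERN
#   LIMIT   - output of `ulimit -c` ("0", "unlimited", or a block count)
#   PATTERN - contents of /proc/sys/kernel/core_pattern
# Prints one word: "disabled" (limit is 0, no core regardless of the kernel),
# "piped" (kernel hands the core to a helper program) or "file" (core written
# to a path built from the pattern).
core_dump_verdict() {
    limit="$1"
    pattern="$2"
    if [ "$limit" = "0" ]; then
        echo disabled
        return 0
    fi
    case "$pattern" in
        \|*) echo piped ;;   # leading '|' means a handler such as a coredump collector
        *)   echo file ;;
    esac
}

# report_core_dumps: read the live values and print them with the verdict.
# The /proc path is Linux-specific; if it is unreadable we assume the kernel
# default pattern "core" (assumption, labelled as such).
report_core_dumps() {
    limit=$(ulimit -c)
    if [ -r /proc/sys/kernel/core_pattern ]; then
        pattern=$(cat /proc/sys/kernel/core_pattern)
    else
        pattern="core"
    fi
    verdict=$(core_dump_verdict "$limit" "$pattern")
    printf 'ulimit -c=%s core_pattern=%s -> %s\n' "$limit" "$pattern" "$verdict"
}

report_core_dumps
```

Run it in the same shell you would run the test program from, since `ulimit -c` is a per-process soft limit inherited by children; a verdict of "disabled" means Pedro's comparison between hosts is inconclusive until `ulimit -c unlimited` has been set in that shell.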