| 1 |
Sorry I wasn't saying we needed a special patch but as 2.6.24 is masked |
| 2 |
currently I was thinking if hardened could add this as one of the hardened |
| 3 |
patches applied to the kernel when compiled. |
| 4 |
|
| 5 |
~Mitch |
| 6 |
|
| 7 |
On Feb 10, 2008 5:32 PM, Alex Howells <astinus@g.o> wrote: |
| 8 |
|
| 9 |
> On 10/02/2008, Mike Rellion <m.rellion@×××××.com> wrote: |
| 10 |
> > With this latest root exploit getting a lot of attention will we get a |
| 11 |
> > hardened patch for this soon? |
| 12 |
> > |
| 13 |
> > There is a runtime fix at: |
| 14 |
> > http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c<http://www.ping.uio.no/%7Emortehu/disable-vmsplice-if-exploitable.c> |
| 15 |
> > but grsec sadly prevents the runtime fix from running for those of us |
| 16 |
> > running it as it denies kmem writing. We could recompile without grsec |
| 17 |
> to |
| 18 |
> > apply this runtime patch but that is certainly a hack. |
| 19 |
> |
| 20 |
> I wasn't sure we needed a special patch? |
| 21 |
> |
| 22 |
> Every single box I've tried this exploit on ranging from |
| 23 |
> hardened-sources-2.6.17 through to hardened-sources-2.6.23, its been |
| 24 |
> nailed. Could just be my kernel configuration? |
| 25 |
> -- |
| 26 |
> gentoo-hardened@l.g.o mailing list |
| 27 |
> |
| 28 |
> |
Archives