Sorry, I wasn't saying we needed a special patch, but as 2.6.24 is masked
currently I was thinking if hardened could add this as one of the hardened
patches applied to the kernel when compiled.

~Mitch

On Feb 10, 2008 5:32 PM, Alex Howells <astinus@g.o> wrote:

> On 10/02/2008, Mike Rellion <m.rellion@×××××.com> wrote:
> > With this latest root exploit getting a lot of attention will we get a
> > hardened patch for this soon?
> >
> > There is a runtime fix at:
> > http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c
> > but grsec sadly prevents the runtime fix from running for those of us
> > running it as it denies kmem writing. We could recompile without grsec to
> > apply this runtime patch but that is certainly a hack.
>
> I wasn't sure we needed a special patch?
>
> Every single box I've tried this exploit on ranging from
> hardened-sources-2.6.17 through to hardened-sources-2.6.23, it's been
> nailed. Could just be my kernel configuration?
> --
> gentoo-hardened@l.g.o mailing list