| 1 |
On Tue, 2008-02-12 at 09:46 +0200, Alex Efros wrote: |
| 2 |
> Hi! |
| 3 |
> |
| 4 |
> On Tue, Feb 12, 2008 at 08:27:21AM +0100, Natanael Copa wrote: |
| 5 |
> > Attatched is a slightly modified version of the exploit that should |
| 6 |
> > compile for you. (uses sysconf(_SC_PAGE_SIZE) rather than PAGE_SIZE from |
| 7 |
> > asm/page.h) |
| 8 |
> |
| 9 |
> Actually, such sort of mistakes in exploits exists just to prevent it |
| 10 |
> compiling by people who unable to fix it, |
| 11 |
|
| 12 |
you mean ppl like you? |
| 13 |
it could also be that this code is very old as explained in the comment |
| 14 |
in the header and used to work. |
| 15 |
|
| 16 |
> so it isn't really good idea to |
| 17 |
> post fixed version in public maillist - at least you can send it using |
| 18 |
> private email. |
| 19 |
|
| 20 |
how do i know that you are not a "bad" guy that are "not supposed" to be |
| 21 |
able to compile it? |
| 22 |
|
| 23 |
> Anyway, this exploit doesn't work as 'local root' on my |
| 24 |
> '2.6.20-hardened-r10 SMP' - but looks like it leak some kernel memory on |
| 25 |
> each execution, so running it in a `while :; do ...; done` will result in |
| 26 |
> hang in about a minute, so it at least 'local DoS' exploit. |
| 27 |
> |
| 28 |
> Is there any plans to backport patch for this bug to .20 hardened kernel? |
| 29 |
> I'm not upgraded yet to .23 kernel because of few issues with PaX |
| 30 |
> mentioned in this maillist in last months... :( |
| 31 |
|
| 32 |
This one should apply or you can apply it manually. |
| 33 |
|
| 34 |
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=712a30e63c8066ed84385b12edbfb804f49cbc44 |
| 35 |
|
| 36 |
> -- |
| 37 |
> WBR, Alex. |
| 38 |
|
| 39 |
-- |
| 40 |
gentoo-hardened@l.g.o mailing list |
Archives