Gentoo Archives: gentoo-security

From: Marc Ballarin <Ballarin.Marc@×××.de>
To: Frank Reich <hoshifr@×××.net>
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] kernel bug #59378 fixed?
Date: Mon, 09 Aug 2004 21:16:34
Message-Id: 20040809231733.3a6a5a3e.Ballarin.Marc@gmx.de
In Reply to: [gentoo-security] kernel bug #59378 fixed? by Frank Reich
On Mon, 09 Aug 2004 21:53:08 +0200
Frank Reich <hoshifr@×××.net> wrote:

>
> I simply guessed that "race won" isn't really that good. So, I updated
> and then tested again with the same effect/output!
>

Check the file kmem.dat, which is created by the exploit code (you have to
adjust MEMSIZE at line 36 before compiling and running the exploit).

As long as kmem.dat doesn't contain anything but the contents of /proc/mtrr
+ a lot of binary zeroes, everything is fine.

> Shouldn't the output be something different in one of the two cases, since
> only the r12 has the fix included?
>
> Regards, Frank.
>
> PS: I wonder why the demo-exploit doesn't just say: "your kernel is
> vulnerable?"
>

The exploit uses the race condition to access kernel memory. The patch
probably only prevents access to kernel memory, but does not fix the race
completely.
An improved and much more fundamental patch will be in 2.6.8. (See
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.8-rc3-bk4.log)

Regards

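The check Marc describes (kmem.dat should hold nothing but the text of /proc/mtrr followed by zero padding) can be done by eye, but it is easy to miss a few stray bytes in a large dump. The script below is an added example written for this thread, not code from the exploit or from the kernel project. It assumes the dump layout Marc gives (mtrr text first, then zeroes), reports where the first non-zero byte after the mtrr text sits, and uses constructed sample data so it runs without a real dump; check_files() reads a real kmem.dat and /proc/mtrr from the same machine, since the mtrr text differs between systems.

```python
"""Classify a kmem.dat-style dump: is it only /proc/mtrr text plus zero padding?

Added example for the gentoo-security thread; the dump layout (mtrr text
followed by binary zeroes) is the assumption stated in Marc's reply.
"""
import sys

# Constructed sample input (not taken from any real machine).
SAMPLE_MTRR = b"reg00: base=0x00000000 (   0MB), size= 256MB: write-back, count=1\n"

# A "good" dump: the mtrr text and nothing else but zero padding.
CLEAN_DUMP = SAMPLE_MTRR + b"\x00" * 4096

# A "bad" dump: foreign bytes appear after the mtrr text, meaning the race
# exposed memory that should not be readable. The payload is constructed.
LEAKED_DUMP = SAMPLE_MTRR + b"\x00" * 100 + b"root:x:0:0:" + b"\x00" * 3000


def classify_dump(dump, mtrr_text):
    """Return a verdict dict for a dump given the expected /proc/mtrr text.

    verdict values:
      'mismatch' - dump does not even begin with the mtrr text
      'clean'    - only zero bytes follow the mtrr text (what a fixed kernel gives)
      'leaked'   - non-zero bytes follow the mtrr text (kernel memory was read)
    """
    if not dump.startswith(mtrr_text):
        return {"verdict": "mismatch", "leaked_offset": None, "leaked_bytes": 0}
    tail = dump[len(mtrr_text):]
    # Iterating over a bytes object yields ints, so b != 0 is a byte test.
    first_nonzero = next((i for i, b in enumerate(tail) if b != 0), None)
    if first_nonzero is None:
        return {"verdict": "clean", "leaked_offset": None, "leaked_bytes": 0}
    nonzero_count = sum(1 for b in tail if b != 0)
    return {
        "verdict": "leaked",
        # Offset in the whole dump of the first byte that should have been zero.
        "leaked_offset": len(mtrr_text) + first_nonzero,
        "leaked_bytes": nonzero_count,
    }


def check_files(dump_path, mtrr_path="/proc/mtrr"):
    """Read a real dump and the current /proc/mtrr and classify the dump."""
    with open(dump_path, "rb") as f:
        dump = f.read()
    with open(mtrr_path, "rb") as f:
        mtrr_text = f.read()
    return classify_dump(dump, mtrr_text)


def main(argv):
    if len(argv) > 1:
        result = check_files(argv[1])
    else:
        # No path given: demonstrate on the constructed samples.
        for name, dump in (("clean sample", CLEAN_DUMP), ("leaked sample", LEAKED_DUMP)):
            print(name, classify_dump(dump, SAMPLE_MTRR))
        return 0
    print(result)
    return 0 if result["verdict"] == "clean" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path to kmem.dat as the only argument; exit status 0 means the dump matched the "mtrr text plus zeroes" shape, anything else means either the dump does not start with this machine's /proc/mtrr (re-check MEMSIZE and that the dump was taken on the same host) or foreign bytes were read.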