| 1 |
Sune Kloppenborg Jeppesen wrote: |
| 2 |
> [22:25:52] <@plasmaroo> jaervosz: What file is it getting run on? I believe it |
| 3 |
> has to be a /proc. |
| 4 |
> [22:27:40] <@jaervosz> plasmaroo: seems like it should be proc, will you give |
| 5 |
> a short answer? |
| 6 |
Well, I didn't try that. Now it's too late, r12 already running. |
| 7 |
|
| 8 |
> [22:27:41] <@plasmaroo> printf("\n[+] SUCCESS, lseek fails, reading kernel |
| 9 |
> mem...\n"); << That should get run on a vulnerable kernel! |
| 10 |
I thought so. But since I didn't try something in /proc, this never |
| 11 |
appeared. |
| 12 |
|
| 13 |
Now I've tried something like this: |
| 14 |
$ proc_kmem_dump /proc/mtrr |
| 15 |
mmap: No such device |
| 16 |
|
| 17 |
and |
| 18 |
|
| 19 |
$ proc_kmem_dump /proc/kcore |
| 20 |
open file: Permission denied |
| 21 |
|
| 22 |
Either I'm still making mistakes or it really doesn't work anymore, |
| 23 |
which should be the case anyway. |
| 24 |
|
| 25 |
@ Marc Ballarin: |
| 26 |
I adjusted MEMSIZE to 512 and after running proc_mem_dump on a large |
| 27 |
file the first three lines of kmem.dat are indeed the content of |
| 28 |
/proc/mtrr. The rest of the file is filled with zeros. |
| 29 |
|
| 30 |
Thanks to all answers! |
| 31 |
|
| 32 |
Regards, Frank. |
| 33 |
|
| 34 |
-- |
| 35 |
gentoo-security@g.o mailing list |
Archives