SCIENTIFIC-LINUX-USERS Archives

August 2009

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: kernel security
From:
Stephan Wiesand <[log in to unmask]>
Reply To:
Stephan Wiesand <[log in to unmask]>
Date:
Fri, 14 Aug 2009 12:50:00 +0200
Content-Type:
text/plain
Parts/Attachments:
text/plain (31 lines) 
On Fri, 2009-08-14 at 12:46 +0200, Urs Beyerle wrote:
> Urs Beyerle wrote:
> > Hi,
> >
> > I guess SL is affected like most other Linux distributions.
> >
> > I'm not 100% sure, but setting vm.mmap_min_addr to a value above 0
> > should prevent an exploit.
> >
> > # sysctl vm.mmap_min_addr=4096
> >   
> 
> at least on a SL5 system with mmap_min_addr support.

I successfully rooted a 32bit SL5 system with SELinux enabled and
vm.mmap_min_addr=64k with the public exploit :-(

Working on a patched SL5 kernel.

The fix from git is not applicable to the SL4 kernel (which is
vulnerable as well).

Any ides for a workaround?

>     Urs
-- 
Stephan Wiesand
  DESY - DV -
  Platanenallee 6
  15738 Zeuthen, Germany

ATOM RSS1 RSS2