SCIENTIFIC-LINUX-USERS Archives

August 2009

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: kernel security
From:
Dr Andrew C Aitchison <[log in to unmask]>
Reply To:
Dr Andrew C Aitchison <[log in to unmask]>
Date:
Fri, 14 Aug 2009 11:59:55 +0100
Content-Type:
TEXT/PLAIN
Parts/Attachments:
TEXT/PLAIN (25 lines) 
On Fri, 14 Aug 2009, Urs Beyerle wrote:
> I guess SL is affected like most other Linux distributions.
>
> I'm not 100% sure, but setting vm.mmap_min_addr to a value above 0
> should prevent an exploit.
>
> # sysctl vm.mmap_min_addr=4096

The default on my SL53 machines appears to be 65536
so there may be no need to do this.

And Stephan Wiesand <[log in to unmask]> replied:
> I successfully rooted a 32bit SL5 system with SELinux enabled
> and vm.mmap_min_addr=64k with the public exploit :-(

Did this machine have kernel-2.6.18-128.4.1.el5 and hence the 
fix for CVE-2009-1895 which allows a user to bypass mmap_min_addr - see
https://rhn.redhat.com/errata/RHSA-2009-1193.html  ? 
Though I did see that there are other ways of bypassing
vm.mmap_min_addr :-(

-- 
Dr. Andrew C. Aitchison		Computer Officer, DPMMS, Cambridge
[log in to unmask]	http://www.dpmms.cam.ac.uk/~werdna

ATOM RSS1 RSS2