[rsbac] Local root exploit in 2.4.22 and previous

Amon Ott ao at rsbac.org
Tue Dec 2 11:37:55 CET 2003


On Tuesday, 2 December 2003 11:36, Amon Ott wrote:
> there is a local root exploit present in 2.4 kernels up to 2.4.22. The 
> following patch against mm/mmap.c fixes it (offsets are from an RSBAC and PaX 
> patched kernel, expect offset warning!):
> 
> --- mmap.c~     Thu Nov  6 09:24:32 2003
> +++ mmap.c      Tue Dec  2 10:27:38 2003
> @@ -1306,6 +1306,9 @@
>         if (!len)
>                 return addr;
> 
> +       if ((addr + len) > TASK_SIZE || (addr + len) < addr)
> +               return -EINVAL;
> +
>         /*
>          * mlock MCL_FUTURE?
>          */
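
Review bot: the added range test sits after the `if (!len) return addr;` early return, so a zero-length request still returns addr without it ever being compared with TASK_SIZE; please confirm that path is meant to skip the bound, or move the test above it. The test also has no comment saying what it guards against: a one-line comment stating that the range must end at or below TASK_SIZE and must not wrap would help anyone applying these lines by hand. The wrap test `(addr + len) < addr` only works if addr and len are unsigned, which the hunk context does not show, and `addr + len` is written out twice where a local would read more clearly.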

If you want to add these three lines by hand, the function is do_brk().

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22