[rsbac] Local root exploit in 2.4.22 and previous
Amon Ott
ao at rsbac.org
Tue Dec 2 11:37:55 CET 2003
On Tuesday, 2 December 2003 11:36, Amon Ott wrote:
> there is a local root exploit present in 2.4 kernels up to 2.4.22. The
> following patch against mm/mmap.c fixes it (offsets are from an RSBAC and PaX
> patched kernel, expect offset warning!):
>
> --- mmap.c~ Thu Nov 6 09:24:32 2003
> +++ mmap.c Tue Dec 2 10:27:38 2003
> @@ -1306,6 +1306,9 @@
> if (!len)
> return addr;
>
> + if ((addr + len) > TASK_SIZE || (addr + len) < addr)
> + return -EINVAL;
> +
> /*
> * mlock MCL_FUTURE?
> */
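Review bot: The added test "if ((addr + len) > TASK_SIZE || (addr + len) < addr)" carries no comment saying what it guards against, and its second half is only a valid wraparound check if addr and len are unsigned, which these lines do not show. A one-line comment stating that ranges ending above TASK_SIZE or wrapping past the top of the address space are rejected would help the next reader. The form "len > TASK_SIZE || addr > TASK_SIZE - len" expresses the same bound without depending on the sum overflowing. The path just above returns addr on success while the new path returns -EINVAL, so callers of this function have to tell an error value apart from a valid address.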
If you want to add these three lines by hand, the function is do_brk().
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22