[rsbac] Re: Will 2.4.20 Source be patched for the latest kernel
vulnerability?
Joachim Ring
jring at web.de
Tue Dec 2 21:14:16 CET 2003
On Tue, Dec 02, 2003 at 14:45:08 +0100, Amon Ott wrote:
> > No, it is not sufficient, sorry.
> >
> > There is nothing in RSBAC which prevents the binary to be linked at a higher
> > address, right?
>
> Nothing helps but fixing the kernel bug, see my latest posting. I fear, none
> of the existing kernel security extensions can limit this bug's effects.
>
> All of you certainly know that RSBAC, like the other kernel extensions, must
> rely on the kernel's correct implementation. Once you enter kernel space,
> there is no more security - this is a major disadvantage of its monolithic
> design.
while i suppose all of the above statements that rsbac doesn't help
against the now infamous do_brk exploit are true, the fact that the machine to
be attacked has rsbac in place with a policy which either allows writing or
executing binaries & libs but never both for any given location, might have
made exploiting the hole a real challenge...
joachim
More information about the rsbac
mailing list