[rsbac] Re: Will 2.4.20 Source be patched for the latest kernel vulnerability?

Joachim Ring jring at web.de
Tue Dec 2 21:14:16 CET 2003

On Tue, Dec 02, 2003 at 14:45:08 +0100, Amon Ott wrote:
> > No, it is not sufficient, sorry.
> > 
> > There is nothing in RSBAC which prevents the binary to be linked at a higher
> > address, right?
> Nothing helps but fixing the kernel bug, see my latest posting. I fear, none 
> of the existing kernel security extensions can limit this bug's effects.
> All of you certainly know that RSBAC, like the other kernel extensions, must 
> rely on the kernel's correct implementation. Once you enter kernel space, 
> there is no more security - this is a major disadvantage of its monolithic 
> design.

while i suppose all of the above statements that rsbac doesn't help
against the now infamous do_brk exploit are true, the fact that the machine to 
be attacked has rsbac in place with a policy which either allows writing or
executing binaries & libs but never both for any given location, might have 
made exploiting the hole a real challenge...


More information about the rsbac mailing list