[rsbac] Local root exploit in 2.4.22 and previous

Fabian Kiendl rsbac at gmx.net
Wed Dec 3 19:05:00 CET 2003

> there is a local root exploit present in 2.4 kernels up to 2.4.22. The 
> following patch agains mm/mmap.c fixes it (offsets are from an RSBAC and
> PaX 
> patched kernel, expect offset warning!):

What would have happened if I hadn't installed that patch on an
RSBAC-enabled system and someone had tried to exploit it? Would RSBAC have offered me any
protection against the exploit iself, or would at least have the RC, ACL and
FF modules successfully have prevented rootkit installation?


More information about the rsbac mailing list