[rsbac] Linux: 2.4.24 Stable Kernel Released

Paul Robertson proberts at patriot.net
Fri Jan 9 02:09:15 CET 2004

On Mon, 5 Jan 2004, Amon Ott wrote:

> Yes, same problem as with do_brk. However, so far there does not seem to be
> any exploit code floating around, only claims. See
> http://lists.netsys.com/pipermail/full-disclosure/2004-January/015198.html

There are two versions out now, the first one just caused a reboot in my
testing, and I haven't tried the second yet (way too busy today), but it
claims to not reboot the system and is really a test.

> The 2.4.24 patch for RSBAC 1.2.2 is out in /pre, so you can update.
> Alternatively, use the patch for earlier kernels I posted.

Also, there were kernel modules posted to LKML which wrap both this and
the do_brk syscall with fixed code, then call the original syscall. I'd
probably make them so they couldn't be unloaded rather than take them
as-is, but for a production system, that could be a good enough fix until
you get to a scheduled maintenance period.

Paul D. Robertson      "My statements in this message are personal opinions
proberts at patriot.net      which may have no basis whatsoever in fact."
probertson at trusecure.com Director of Risk Assessment TruSecure Corporation
