[rsbac] Critical bug in PaX, please update!

murf murf at post.cz
Sun Mar 6 15:08:18 CET 2005


Hello!

workaround is only for 2.4 kernels, not for 2.6 ones.

AFAIK Its true that PAX will be terminated, but somebody 
will continue - spender or anyone blessed by pipacs.

If you use kernels 2.6 and have only CONFIG_PAX_PAGEEXEC enabled,
then your system is not vulnerable ;-).

Regards,

murf

======================================================================== 
- From the original announcement this config is affected since 
CONFIG_PAX_SEGMEXEC=y (even if CONFIG_PAX_RANDEXEC is not set). The 
announcement says that mitigation is possibile by changing parameters in 
/proc/sys/vm/pagetable_cache, which does not exist in these kernels. I 
guess this means for these kernels the only way is to update.

Is it true that on 1st April, 2005 the PaX project will be terminated?

Andrea



More information about the rsbac mailing list