[rsbac] Critical bug in PaX, please update!
Michal Purzynski
albeiro at polsl.gliwice.pl
Sun Mar 6 15:41:17 CET 2005
On 6 mar, 2005, at 15:08, murf wrote:
>
> If you use kernels 2.6 and have only CONFIG_PAX_PAGEEXEC enabled,
> then your system is not vulnerable ;-).
>
more exactly - anything that is using vma mirroring, so either segmexec
or randexec.
> The
> announcement says that mitigation is possibile by changing parameters
> in
> /proc/sys/vm/pagetable_cache, which does not exist in these kernels. I
> guess this means for these kernels the only way is to update.
>
>
it only closes the most obvious attack vector, the only possibility to
close this hole is to upgrade
More information about the rsbac
mailing list