Date: Mon, 20 Jul 2009 13:37:38 +0200
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable

On Mon, Jul 20, 2009 at 03:29:09PM +0400, Solar Designer wrote:
> Marcus,
> 
> On Mon, Jul 20, 2009 at 12:01:47PM +0200, Marcus Meissner wrote:
> > - fixed the personality - PER_CLEAR_ON_SETTID inheritance issue (CVE-2009-1895)
> >   to work around mmap_min_addr protection.
> >   Affects 2.6.23-2.6.30.1
> 
> What makes you think this does not affect earlier kernels?  This does
> not match my analysis, but maybe I am missing something, hence I ask.
> 
> BTW, as you're aware, this fix is a hardening measure for/against
> SUID-root programs with a certain class of design errors in them; it is
> not exactly a fix for the kernel itself, although it should be in the
> kernel.  I do not mean to downplay the issue, but I think it is
> important that we distinguish the different types of changes that we are
> making in response to Brad's exploit.

Foremost, the mmap_min_addr protection is not in older kernels (<2.6.23) at all,
so it's kinda "not implemented" instead of "bug".

Ciao, Marcus
