Bug In Most Linuxes Can Give Untrusted Users Root

[Ben Scott]

  I'm way too tired right now to read through the whole morass, but
some people on /. are saying that this issue only occurs when (1) you
allow the untrusted user to run a setuid-root executable and (2) that
executable allows arbitrary user-supplied modules to be loaded.  If
that's accurate, then my though is, "Well, duh!".

  Either way, the issue reportedly depends on being able to mmap a
page to virtual address zero, and you can tell the kernel not to
permit such a low mmap address.

liberty$ cat /proc/sys/vm/mmap_min_addr
65536

  liberty is running CentOS 5.whatever-is-current, and I never did
anything to set that.

-- Ben