Bug In Most Linuxes Can Give Untrusted Users Root
Alan Johnson
alan at datdec.com
Wed Nov 4 22:52:45 EST 2009
On Wed, Nov 4, 2009 at 8:34 PM, Ben Scott <dragonhawk at gmail.com> wrote:
> I'm way too tired right now to read through the whole morass, but
> some people on /. are saying that this issue only occurs when (1) you
> allow the untrusted user to run a setuid-root executable and (2) that
> executable allows arbitrary user-supplied modules to be loaded. If
> that's accurate, then my thought is, "Well, duh!".
>
> Either way, the issue reportedly depends on being able to mmap a
> page to virtual address zero, and you can tell the kernel not to
> permit such a low mmap address.
>
> liberty$ cat /proc/sys/vm/mmap_min_addr
> 65536
>
> liberty is running CentOS 5.whatever-is-current, and I never did
> anything to set that.
>
> -- Ben
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
My Ubuntu 8.04 boxes are the same way, but there were comments about certain
programs/packages/or-something (wine was mentioned) setting it to 0 so they can
do what they need to do. I'm doubting many modern server installs are at
risk, but it is easy enough to check.
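An added example, not part of this thread or of any of the posters' own tooling, that turns the check Ben and Alan describe into a small POSIX sh audit script. It reads the running kernel's `/proc/sys/vm/mmap_min_addr`, flags a value of 0 (the state the thread says some packages such as wine put the box in), and also greps the persistent sysctl configuration so a later reboot does not silently undo a hardened setting. The file paths under `/etc/sysctl.conf` and `/etc/sysctl.d/` are the conventional locations and are assumed here, not taken from the thread.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): audit the vm.mmap_min_addr
# hardening that Ben's "cat /proc/sys/vm/mmap_min_addr" inspects by hand.

# classify_mmap_min_addr VALUE
#   Prints a verdict for one sysctl value.
#   Returns 0 if low mappings are refused, 1 if page zero is mappable (value 0),
#   2 if the value cannot be parsed as a non-negative integer.
classify_mmap_min_addr() {
    value="$1"
    case "$value" in
        ''|*[!0-9]*) echo "unparsable mmap_min_addr value: '$value'"; return 2 ;;
    esac
    if [ "$value" -eq 0 ]; then
        echo "mmap_min_addr=0: unprivileged processes may map page zero; a kernel NULL-pointer bug becomes exploitable"
        return 1
    fi
    echo "mmap_min_addr=$value: mappings below that address are refused"
    return 0
}

# check_mmap_min_addr_file [PATH]
#   Reads the live kernel setting (default /proc/sys/vm/mmap_min_addr; a path
#   argument lets a constructed file stand in for testing) and classifies it.
check_mmap_min_addr_file() {
    path="${1:-/proc/sys/vm/mmap_min_addr}"
    if [ ! -r "$path" ]; then
        echo "cannot read $path (not Linux, or a kernel without this knob)"
        return 2
    fi
    classify_mmap_min_addr "$(cat "$path")"
}

# list_sysctl_overrides FILE...
#   Prints every line in the given sysctl config files that sets vm.mmap_min_addr,
#   so a package-shipped "vm.mmap_min_addr = 0" is noticed before the next boot.
#   Returns 0 if at least one such line exists, 1 otherwise.
list_sysctl_overrides() {
    found=1
    for f in "$@"; do
        [ -r "$f" ] || continue
        if grep -n '^[[:space:]]*vm\.mmap_min_addr[[:space:]]*=' "$f"; then
            found=0
        fi
    done
    return $found
}

# main: report the live value, then any persistent overrides. The report itself
# always exits 0; the per-function return codes above carry the verdicts.
main() {
    check_mmap_min_addr_file || true
    # Assumed conventional locations; adjust for the distribution at hand.
    if list_sysctl_overrides /etc/sysctl.conf /etc/sysctl.d/*.conf; then
        echo "persistent sysctl override(s) for vm.mmap_min_addr found above"
    else
        echo "no persistent override; the kernel default applies after reboot"
    fi
    return 0
}

main "$@"
```

To raise the limit on a box that reports 0, `sysctl -w vm.mmap_min_addr=65536` changes the running kernel, and a matching `vm.mmap_min_addr = 65536` line in `/etc/sysctl.conf` keeps it across reboots; a later entry in `/etc/sysctl.d/` can still lower it again, which is why the script greps those files too.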