Bug In Most Linuxes Can Give Untrusted Users Root
Ken D'Ambrosio
ken at jots.org
Fri Nov 6 04:54:38 EST 2009
LWN has a decent write-up on the bug; the comments, themselves, are
possibly even more valuable:
http://lwn.net/SubscriberLink/360328/c2870b25b624fea3/
-Ken
P.S. Technically, that's a subscriber-only link (though it goes free in
two weeks), but LWN allows links to non-subscribers.
On Wed, November 4, 2009 8:34 pm, Ben Scott wrote:
> I'm way too tired right now to read through the whole morass, but
> some people on /. are saying that this issue only occurs when (1) you allow
> the untrusted user to run a setuid-root executable and (2) that executable
> allows arbitrary user-supplied modules to be loaded. If that's accurate,
> then my thought is, "Well, duh!".
>
> Either way, the issue reportedly depends on being able to mmap a
> page to virtual address zero, and you can tell the kernel not to permit
> such a low mmap address.
>
> liberty$ cat /proc/sys/vm/mmap_min_addr
> 65536
>
>
> liberty is running CentOS 5.whatever-is-current, and I never did anything
> to set that.
>
> -- Ben
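The `mmap_min_addr` check quoted above, extended to also compare the running value with what persistent sysctl configuration would set at the next boot. This is an added example, not part of the original thread; the function names, the return codes and the convention of passing config file paths as arguments are assumptions.

```shell
#!/bin/sh
# Added example: audit vm.mmap_min_addr at runtime and in sysctl config files.
# Usage: audit_mmap_min_addr /proc/sys/vm/mmap_min_addr /etc/sysctl.conf
# Return codes (chosen for this example): 0 ok, 1 runtime is 0,
# 2 runtime ok but config sets 0, 3 value could not be read.

# Print the last vm.mmap_min_addr value found in the given config files
# (assumes later files and later lines override earlier ones), or nothing.
# Only the dotted key form "vm.mmap_min_addr = N" is recognised here.
persisted_mmap_min_addr() {
    last=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*vm\.mmap_min_addr[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$f" | tail -n 1)
        [ -n "$v" ] && last=$v
    done
    printf '%s' "$last"
}

audit_mmap_min_addr() {
    proc_file=${1:-/proc/sys/vm/mmap_min_addr}
    [ $# -gt 0 ] && shift
    [ -r "$proc_file" ] || { echo "UNKNOWN: cannot read $proc_file"; return 3; }
    runtime=$(cat "$proc_file")
    case $runtime in
        ''|*[!0-9]*) echo "UNKNOWN: unexpected value '$runtime'"; return 3 ;;
    esac
    if [ "$runtime" -eq 0 ]; then
        echo "FAIL: mmap_min_addr is 0, a page at virtual address zero can be mapped"
        return 1
    fi
    # Remaining arguments are sysctl config files to check for drift.
    persisted=$(persisted_mmap_min_addr "$@")
    if [ -n "$persisted" ] && [ "$persisted" -eq 0 ]; then
        echo "WARN: runtime is $runtime but persistent config sets 0"
        return 2
    fi
    echo "OK: mmap_min_addr is $runtime"
    return 0
}
```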