[grsec] Re: [gentoo-hardened] about the recent ELF kernel bug
Miguel Filipe
miguel.filipe at gmail.com
Fri May 13 10:42:45 EDT 2005
Hi there,
On 5/13/05, Pedro Venda <pjvenda at arrakis.dhis.org> wrote:
> hi everyone,
>
> Has anyone got a clue on how should the proof of concept code behave on
> vulnerable and not vulnerable machines?
>
> On a PaX+grsecurity hardened server, it outputs:
>
> [+] ./elfcd1 argv_start=0xb47b23d4 argv_end=0xb47b23dc ESP: 0xb47b1890
> [+] phase 1
> [+] AAAA argv_start=0xb5e0442e argv_end=0xb5e04432 ESP: 0xb5e03930
> [+] phase2, <RET> to crash Killed
>
> and doesn't core-dump. Also it doesn't warn about the segmentation violation
> process in the logs...
>
> On my laptop, a test server and 2 other workstations (standard 2.6.11.5-8
> kernels) results are consistent but different from the hardened server:
> pjlv at archon test $ ./elfcd1
>
> [+] ./elfcd1 argv_start=0xbfffeff7 argv_end=0xbfffefff ESP: 0xbfffedb0
> [+] phase 1
> [+] AAAA argv_start=0xbfff6fee argv_end=0xbfff6ff2 ESP: 0xbfff6e80
> [+] phase 2, <RET> to crash Segmentation fault (core dumped)
>
> and core-dumps.
>
> any help? is the hardened server secure? I suppose so, since it didn't core
> dump.
>
From what I understood, a core dump doesn't mean the PoC worked.
But I could be wrong...
> regards,
> pedro venda.
> --
>
> Pedro João Lopes Venda
> email: pjvenda < at > arrakis.dhis.org
> http://arrakis.dhis.org
>
best regards, and hugs to you pj! :-p
--
Miguel Sousa Filipe
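The two outputs Pedro quotes differ in how the process was terminated: "Killed" is the shell reporting a SIGKILL with no core, while "Segmentation fault (core dumped)" is a SIGSEGV whose core the kernel actually wrote. The shell gets both from the wait status of the child. The following is an added example, not code from the thread or from the elfcd1 proof of concept, that decodes that wait status the same way, so the termination of a test binary can be checked from a harness instead of read off the terminal. It assumes Linux with glibc's wait-status macros (WCOREDUMP is not POSIX); the child behaviours at the bottom are constructed for the example.

```c
/* Added example: decode how a child process terminated, as a shell does
 * before printing "Killed" or "Segmentation fault (core dumped)".
 * Assumes Linux/glibc (WCOREDUMP is a glibc/BSD extension). */
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

enum outcome {
    OUT_EXITED,        /* normal exit(), code in exit_code */
    OUT_KILLED,        /* SIGKILL, no core: what the shell prints as "Killed" */
    OUT_SEGV_CORE,     /* SIGSEGV and the kernel reports a core was written */
    OUT_SEGV_NO_CORE,  /* SIGSEGV but no core (e.g. ulimit -c 0) */
    OUT_OTHER_SIGNAL,  /* terminated by some other signal */
    OUT_UNKNOWN
};

struct report {
    enum outcome outcome;
    int sig;        /* terminating signal, 0 if the child exited normally */
    int exit_code;  /* exit status if the child exited normally */
    int core;       /* 1 if the wait status carries the core-dump flag */
};

/* Decode a raw wait() status word. */
struct report classify(int status) {
    struct report r = { OUT_UNKNOWN, 0, 0, 0 };
    if (WIFEXITED(status)) {
        r.outcome = OUT_EXITED;
        r.exit_code = WEXITSTATUS(status);
    } else if (WIFSIGNALED(status)) {
        r.sig = WTERMSIG(status);
        r.core = WCOREDUMP(status) ? 1 : 0;
        if (r.sig == SIGKILL)
            r.outcome = OUT_KILLED;
        else if (r.sig == SIGSEGV)
            r.outcome = r.core ? OUT_SEGV_CORE : OUT_SEGV_NO_CORE;
        else
            r.outcome = OUT_OTHER_SIGNAL;
    }
    return r;
}

/* Fork, run fn() in the child, and return the raw wait status (-1 on error). */
int run_child(void (*fn)(void)) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { fn(); _exit(0); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return status;
}

/* Human-readable summary, in the spirit of the shell's own messages. */
const char *describe(const struct report *r) {
    switch (r->outcome) {
    case OUT_EXITED:       return "exited normally";
    case OUT_KILLED:       return "Killed (SIGKILL, no core)";
    case OUT_SEGV_CORE:    return "Segmentation fault (core dumped)";
    case OUT_SEGV_NO_CORE: return "Segmentation fault (no core)";
    case OUT_OTHER_SIGNAL: return "terminated by another signal";
    default:               return "unknown termination";
    }
}

/* Constructed child behaviours used to exercise classify(). */
void child_exit(void)        { _exit(3); }
void child_killed(void)      { raise(SIGKILL); }
void child_segv_nocore(void) {
    struct rlimit rl = { 0, 0 };          /* equivalent of ulimit -c 0 */
    setrlimit(RLIMIT_CORE, &rl);
    raise(SIGSEGV);
}

/* Usage: ./waitrep ./some-test-binary [args...]
 * Runs the command and reports how it terminated. */
int main(int argc, char **argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s cmd [args...]\n", argv[0]); return 2; }
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); return 2; }
    if (pid == 0) { execvp(argv[1], argv + 1); perror("execvp"); _exit(127); }
    if (waitpid(pid, &status, 0) < 0) { perror("waitpid"); return 2; }
    struct report r = classify(status);
    printf("%s: %s (signal %d, core %d, exit %d)\n",
           argv[1], describe(&r), r.sig, r.core, r.exit_code);
    return 0;
}
```

Note that the core flag only says whether the kernel reports having written a core; a missing core with a plain SIGSEGV is just as consistent with a zero core ulimit as with a hardened kernel, so the signal number is the more telling field.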