[grsec] uselib() advisory vs. grsec

Jirka Kosina jikos at jikos.cz
Fri Jan 7 17:56:46 EST 2005


On Fri, 7 Jan 2005, Andras Got wrote:

> I'd like to ask whether the grsec-patched kernels are affected. Especially 2.4.26-28
> w/grsec-2.0.1. I don't have a honeypot or a testbed for a tryout, but I'd like
> to know.

The unlocked do_brk() call in load_elf_library() can be exploited on
grsecurity kernels with the same level of difficulty as on an unpatched
kernel. grsecurity does not play any role here - an attacker can create a fake
VMA and remap it in the place of another existing legitimate VMA with any
kind of disturbing content (place shellcode in the fake page, which will then
be triggered by some redirected function call through a pointer (for example
fsync())). No place for grsecurity here.

-- 
JiKos.
