[grsec] that expand_stack bug claimed again with POC

Carlos Carvalho carlos at fisica.ufpr.br
Sat Jan 20 13:29:28 EST 2007


I've just seen in bugtraq that company claim again the expand_stack
bug, this time giving proof-of-concept code. I tried it and just got a
segfault:

hoggar% ./a.out 
--> about to fault on 5FFFF000
zsh: segmentation fault  ./a.out
hoggar%~[ 4:20]  whoami
carlos

Here's the kernel log:

Jan 20 16:19:32 hoggar kernel: grsec: exec of a.out (./a.out )
Jan 20 16:19:32 hoggar kernel: grsec: signal 11 sent to a.out[a.out:26304]
Jan 20 16:19:32 hoggar kernel: grsec: denied resource overstep by
   requesting 4096 for RLIMIT_CORE against limit 0 for a.out[a.out:26304]

Maybe I don't know how to adapt/run it, so it'd be good if the experts
had a look at it... Local root is too critical to downplay.

I'm using 2.6.19.1, and I'm about to go to the 19.2/latest grsec release.

