[grsec] grsec for vmsplice-bug-fixed Linux 2.6?

Lubomir Host rajo at platon.sk
Wed Feb 13 17:51:14 EST 2008 

Hi,

all methods below works only on 32 bit architecture. Is here some
workaround for x86_64 architecture?

$  uname -m
x86_64
$ awk '$3 == "sys_vmsplice" { printf "%ld\n", strtonum(sprintf("%s%s", "0x", $1)); }' /proc/kallsyms 
18446744071564818432
$ dd if=/dev/kmem  bs=1 count=1 seek=18446744071564818432 | hexdump                                       
dd: `standard output': cannot seek
0+0 records in
0+0 records out
0 bytes (0 B) copied, 6.8598e-05 seconds, 0.0 kB/s

dd can't seek to 0xffffffff8029f9cf address (grep vmsplice /proc/kallsyms).

rajo

On Wed, Feb 13, 2008 at 10:43:50PM +0100, Lubomir Host wrote:
> I like to use only awk instead of 'cat | grep | awk' combo:
> 
>   echo -e '\xc3' | dd of=/dev/kmem bs=1 count=1 seek=$((0x`awk
>   '/sys_vmsplice/ { print $1; }' /proc/kallsyms`))
> 
> Here is another how to patch running linux kernel:
> 
> http://platon.sk/article.php?vmsplice-vulnerability-fast-fix
> 
> On Wed, Feb 13, 2008 at 10:03:49PM +0100, bon wrote:
> > in the meanwhile
> > try this sexy one-liner by sd :)
> > 
> > echo -e '\xc3' | dd of=/dev/kmem bs=1 count=1 seek=$((0x`cat 
> > /proc/kallsyms|grep sys_vmsplice | awk {'print $1'}`))
> > 
> > Marc Schiffbauer wrote:
> > > Hi all, hi Brad,
> > > 
> > > will there be a grsec patch for 2.6.24.2 which (hopefully) fixes the
> > > recent vmsplice root-exploit bug?
> > > 
> > > TIA
> > > -Marc
> > _______________________________________________
> > grsecurity mailing list
> > grsecurity at grsecurity.net
> > http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity
> 
> -- 
>   ,''`.  Lubomir Host 'rajo' <rajo AT platon.sk>    ICQ #:  257322664
>  : :' :  Jabber: rajo AT jabber.platon.sk      VoIP: callto://rajo207
>  `. `'   WWW: http://rajo.platon.sk/  Platon Group: http://platon.sk/
>    `-    GnuPG key: DC0C C7EA 55C8 B089 C41D 944A F251 A93A 2361 A82F
> _______________________________________________
> grsecurity mailing list
> grsecurity at grsecurity.net
> http://grsecurity.net/cgi-bin/mailman/listinfo/grsecurity

-- 
  ,''`.  Lubomir Host 'rajo' <rajo AT platon.sk>    ICQ #:  257322664
 : :' :  Jabber: rajo AT jabber.platon.sk      VoIP: callto://rajo207
 `. `'   WWW: http://rajo.platon.sk/  Platon Group: http://platon.sk/
   `-    GnuPG key: DC0C C7EA 55C8 B089 C41D 944A F251 A93A 2361 A82F

More information about the grsecurity mailing list