[grsec] [Full-disclosure] Linux NULL pointer dereference due to incorrect proto_ops initializations
Brad Spengler
spender at grsecurity.net
Fri Aug 14 09:38:36 EDT 2009
> on my kernels results in:
>
> mprotect: permission denied
>
> next after chpax -permsx exploit
>
> results in
> mmap: Invalid argument
>
> but still i don't have min_mmap (2.6.19.2)
>
> the former wunderbar exploit with mplayer ends up with no /proc/kallsyms
>
>
> well, am'i well protected or just too lame to figure out i'am not ??
If your machine is running a 32bit kernel, based on your config below
(you have KERNEXEC on) you are protected from all possible exploits for
this vulnerability. UDEREF will help protect against some exploits, but
it's possible to create an exploit that would execute all code in
userland, but only access kernel data. Again, both of these only help
in this case for a 32bit kernel. If you have a 64bit kernel that's
older than 2.6.23 or haven't enabled mmap_min_addr, then you're
vulnerable.
HIDESYM also makes things more difficult (though again, not impossible)
for 2.6.29 and above kernels. You can test further for your particular
kernel by returning 0 in the symbol lookup function instead of doing an
exit(0). Symbols actually aren't needed for that old of a kernel.
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20090814/42b33eef/attachment.pgp
More information about the grsecurity
mailing list