[grsec] [Full-disclosure] Linux NULL pointer dereference due to incorrect proto_ops initializations
bodik
bodik at civ.zcu.cz
Fri Aug 14 11:01:20 EDT 2009
Brad Spengler wrote:
>> on my kernels results in:
>>
>> mprotect: permission denied
>>
>> next after chpax -permsx exploit
>>
>> results in
>> mmap: Invalid argument
>>
>> but still I don't have min_mmap (2.6.19.2)
>>
>> the former wunderbar exploit with mplayer ends up with no /proc/kallsyms
>>
>>
>> well, am I well protected or just too lame to figure out I'm not ??
>
> If your machine is running a 32bit kernel, based on your config below
yes
> HIDESYM also makes things more difficult (though again, not impossible)
> for 2.6.29 and above kernels. You can test further for your particular
> kernel by returning 0 in the symbol lookup function instead of doing an
> exit(0). Symbols actually aren't needed for that old of a kernel.
I tried and it ends up with:
"unable to find a vulnerable domain, sorry"
That should be enough for me. I won't recompile the kernel to add support for any
vulnerable domain for further testing. As I understood, KERNEXEC should protect me
anyway ...
Thanks a lot for your answer
bodik