Linux Archive > Gentoo Hardened > latest kernel exploit patch for vmsplice coming?
http://www.linux-archive.org/gentoo-hardened/52189-latest-kernel-exploit-patch-vmsplice-coming.html

02-10-2008 08:41 PM

latest kernel exploit patch for vmsplice coming?
 
On 10 Feb 2008 at 22:32, Alex Howells wrote:

> I wasn't sure we needed a special patch?

It's a kernel bug, so it obviously needs a patch; a fix is in the Linus
tree now, I guess it'll be backported quickly.

> Every single box I've tried this exploit on ranging from
> hardened-sources-2.6.17 through to hardened-sources-2.6.23, it's been
> nailed. Could just be my kernel configuration?

UDEREF prevents exploitation for good, even KERNEXEC alone would
prevent the kind of code execution that this exploit relies on.

--
gentoo-hardened@lists.gentoo.org mailing list

"Mike Rellion" 02-10-2008 09:29 PM

latest kernel exploit patch for vmsplice coming?
 
With this latest root exploit getting a lot of attention will we get a hardened patch for this soon?

There is a runtime fix at: http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c but grsec sadly prevents the runtime fix from running for those of us running it as it denies kmem writing. We could recompile without grsec to apply this runtime patch but that is certainly a hack.


~Mike

"Alex Howells" 02-10-2008 09:32 PM

latest kernel exploit patch for vmsplice coming?
 
On 10/02/2008, Mike Rellion <m.rellion@gmail.com> wrote:
> With this latest root exploit getting a lot of attention will we get a
> hardened patch for this soon?
>
> There is a runtime fix at:
> http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c
> but grsec sadly prevents the runtime fix from running for those of us
> running it as it denies kmem writing. We could recompile without grsec to
> apply this runtime patch but that is certainly a hack.

I wasn't sure we needed a special patch?

Every single box I've tried this exploit on ranging from
hardened-sources-2.6.17 through to hardened-sources-2.6.23, it's been
nailed. Could just be my kernel configuration?
--
gentoo-hardened@lists.gentoo.org mailing list

"Mike Rellion" 02-10-2008 09:36 PM

latest kernel exploit patch for vmsplice coming?
 
Sorry, I wasn't saying we needed a special patch, but as 2.6.24 is currently masked I was thinking hardened could add this as one of the hardened patches applied to the kernel when it is compiled.

~Mitch


On Feb 10, 2008 5:32 PM, Alex Howells <astinus@gentoo.org> wrote:
> On 10/02/2008, Mike Rellion <m.rellion@gmail.com> wrote:
> > With this latest root exploit getting a lot of attention will we get a
> > hardened patch for this soon?
> >
> > There is a runtime fix at:
> > http://www.ping.uio.no/~mortehu/disable-vmsplice-if-exploitable.c
> > but grsec sadly prevents the runtime fix from running for those of us
> > running it as it denies kmem writing. We could recompile without grsec to
> > apply this runtime patch but that is certainly a hack.
>
> I wasn't sure we needed a special patch?
>
> Every single box I've tried this exploit on ranging from
> hardened-sources-2.6.17 through to hardened-sources-2.6.23, it's been
> nailed. Could just be my kernel configuration?
>
> --
> gentoo-hardened@lists.gentoo.org mailing list

"Alex Howells" 02-11-2008 06:56 PM

latest kernel exploit patch for vmsplice coming?
 
On 11/02/2008, Petteri Räty <betelgeuse@gentoo.org> wrote:
> Ned Ludd wrote:
> > On Sun, 2008-02-10 at 23:41 +0200, pageexec@freemail.hu wrote:
> >
> > More FYI..
> > Hardened is nearly dead with respect to the
> > hardened-profile/hardened-toolchain/hardened-kernel.
> > It does not have to die but we are in a bit of a catch-22.
> > I'm the last dev really watching over those things. Everybody else has
> > retired and moved on in life. I'm starting to do the same. Weekend and
> > evening hobbies of other interest are starting to take priority. So the
> > catch-22 is that hardened needs more devs+proxies and or to be
> > re-evaluated.. The kicker is that I don't really have the spare time to
> > mentor new people. So... Any of you that want to help this project
> > continue. Please stop by #gentoo-hardened on freenode and offer whatever
> > help you can that fit within your skill traits (self motivated ppl++).
> >
> >
>
> Finding mentors should not hold up things. Please contact recruiters if
> you need someone to track down mentors for you.
>

That's a false argument, a lot of mentors are complete tripe. For
evidence, just look at some of the Developers we've recruited lately.

</troll> I'd wager solar doesn't want to sponsor shitty developers.

[ resending as I didn't select astinus@gentoo.org to start with, boo ]

Petteri Räty 02-11-2008 09:38 PM

latest kernel exploit patch for vmsplice coming?
 
Alex Howells wrote:

On 11/02/2008, Petteri Räty <betelgeuse@gentoo.org> wrote:

That's a false argument, a lot of mentors are complete tripe. For
evidence, just look at some of the Developers we've recruited lately.

</troll> I'd wager solar doesn't want to sponsor shitty developers.

[ resending as I didn't select astinus@gentoo.org to start with, boo ]


WTF?
If you think we are letting people in too easily, please contact
recruiters with ideas on how to improve the process.


Regards,
Petteri

"Matt Poletiek" 02-11-2008 11:04 PM

latest kernel exploit patch for vmsplice coming?
 
I am young, I am inexperienced when it comes to OSS development, I
have only minor programming experience, however I am probably one of
the biggest fans of the hardened-gentoo project. I have a good
knowledge base when it comes to security and it would kill me to see
one of the best security projects die in light of what is currently
happening in the industry.

I have a 32bit hardened-gentoo server in colocation I can offer for
some resources as well as any free time I may have. I have no idea how
I would be of service, but am confident in my ability to lighten the
load and take care of any trivial work as I learn the process.

On Feb 11, 2008 3:38 PM, Petteri Räty <betelgeuse@gentoo.org> wrote:
> Alex Howells wrote:
> > On 11/02/2008, Petteri Räty <betelgeuse@gentoo.org> wrote:
> >
> > That's a false argument, a lot of mentors are complete tripe. For
> > evidence, just look at some of the Developers we've recruited lately.
> >
> > </troll> I'd wager solar doesn't want to sponsor shitty developers.
> >
> > [ resending as I didn't select astinus@gentoo.org to start with, boo ]
>
> WTF?
> If you think we are letting people in too easily, please contact
> recruiters with ideas on how to improve the process.
>
> Regards,
> Petteri
>
>
--
gentoo-hardened@lists.gentoo.org mailing list

"Navtej Singh" 02-12-2008 07:13 AM

latest kernel exploit patch for vmsplice coming?
 
(assuming unmodified exploit code) You should not be running it as root!

2008/2/12 Алексей Лесовский <d4@tp.kurgan.ru>:
> OK. I compiled these sources successfully, and when I execute it I get the following:
>
> -----------------------------------
> Linux vmsplice Local Root Exploit
> By qaaz
> -----------------------------------
> [-] !@#$
>
> and what is this? :-) Executed on a gentoo-sources kernel, not hardened.
>
> Natanael Copa wrote:
>
> > On Tue, 2008-02-12 at 10:02 +0500, Алексей Лесовский wrote:
> >
> >> Can anyone send me a compiled exploit? I'm testing my hardened hosts;
> >> my gcc cannot compile the sources.
> >>
> >
> > Attached is a slightly modified version of the exploit that should
> > compile for you. (uses sysconf(_SC_PAGE_SIZE) rather than PAGE_SIZE from
> > asm/page.h)
> >
> > -nc
> >
>
>
> --
> gentoo-hardened@lists.gentoo.org mailing list
>
>

Алексей Лесовский 02-12-2008 07:37 AM

latest kernel exploit patch for vmsplice coming?
 
I'm not root, I'm sure.

daevy@node ~ $ ./expl.bin
-----------------------------------
Linux vmsplice Local Root Exploit
By qaaz
-----------------------------------
[-] !@#$
daevy@node ~ $


Navtej Singh wrote:
> (assuming unmodified exploit code) You should not be running it as root!
>
> 2008/2/12 Алексей Лесовский <d4@tp.kurgan.ru>:
> > OK. I compiled these sources successfully, and when I execute it I get the following:
> >
> > -----------------------------------
> > Linux vmsplice Local Root Exploit
> > By qaaz
> > -----------------------------------
> > [-] !@#$
> >
> > and what is this? :-) Executed on a gentoo-sources kernel, not hardened.
> >
> > Natanael Copa wrote:
> > > On Tue, 2008-02-12 at 10:02 +0500, Алексей Лесовский wrote:
> > > > Can anyone send me a compiled exploit? I'm testing my hardened hosts;
> > > > my gcc cannot compile the sources.
> > >
> > > Attached is a slightly modified version of the exploit that should
> > > compile for you. (uses sysconf(_SC_PAGE_SIZE) rather than PAGE_SIZE from
> > > asm/page.h)
> > >
> > > -nc
> >
> > --
> > gentoo-hardened@lists.gentoo.org mailing list

--
gentoo-hardened@lists.gentoo.org mailing list

"Kerin Millar" 02-12-2008 12:32 PM

latest kernel exploit patch for vmsplice coming?
 
On 12/02/2008, Natanael Copa <natanael.copa@gmail.com> wrote:
>
> On Tue, 2008-02-12 at 13:37 +0500, Алексей Лесовский wrote:
> > I'm not root, I'm sure.
>
> So the hardened kernel protects you. Congrats!
>
> You might still want to apply the patch that fixes the problem.
>

Have a look at this one too:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=900cf086fd2fbad07f72f4575449e0d0958f860f

I appended a comment to bug 209460 about it:

http://bugs.gentoo.org/show_bug.cgi?id=209460#c20

I just wish I'd been aware of it before contributing the revised
hardened-extras patchset!

Regards,

--Kerin
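The thread's way of checking a box was to run the published exploit binary on it and watch whether it got root. A less hazardous check for the fix that Natanael and Kerin refer to is to exercise the property the patch enforces: the kernel must validate a user-supplied iovec before the vmsplice path acts on it, so handing vmsplice() an iovec whose base lies outside user space has to come back as -1/EFAULT. The probe below is an added example written for this page; it is not code from the thread, from the Gentoo hardened patchset or from the exploit being discussed. It assumes a Linux host whose libc declares vmsplice() under _GNU_SOURCE, and that an error return on the bogus iovec is the fixed behaviour; it only exercises the user-buffer-to-pipe direction of vmsplice(), so a "rejected" result is evidence, not proof, that every vmsplice path is fixed, and the authoritative check remains the kernel version and the patches applied to it.

```c
/* vmsplice_probe.c: added example for this page, not part of the thread.
 * Asks the kernel to vmsplice() an iovec whose base can never be a user
 * mapping. A kernel that validates the iovec returns -1/EFAULT; a kernel
 * that acts on it is one to investigate. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>      /* glibc/musl declare vmsplice() here under _GNU_SOURCE */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/uio.h>    /* struct iovec */
#include <unistd.h>

enum probe_result {
    PROBE_UNAVAILABLE = 0, /* vmsplice() unusable here (non-Linux, seccomp, ...) */
    PROBE_REJECTED    = 1, /* bogus iovec refused: the expected, fixed behaviour */
    PROBE_ACCEPTED    = 2  /* bogus iovec acted on: investigate this kernel */
};

/* errno observed on the bogus call, kept for the report in main(). */
static int probe_errno;

#ifdef __linux__
/* Control case: a legitimate user buffer must splice into the pipe, otherwise
 * a failure on the bogus iovec would tell us nothing about the iovec check. */
static int vmsplice_control(int pipe_w)
{
    char buf[64];
    struct iovec iov = { .iov_base = buf, .iov_len = sizeof buf };

    memset(buf, 'A', sizeof buf);
    return vmsplice(pipe_w, &iov, 1, 0) == (ssize_t)sizeof buf;
}

enum probe_result probe_vmsplice(void)
{
    int fds[2];
    enum probe_result r;

    if (pipe(fds) != 0)
        return PROBE_UNAVAILABLE;

    if (!vmsplice_control(fds[1])) {
        r = PROBE_UNAVAILABLE;
    } else {
        /* Top page of the address space: never a valid user mapping on any
         * Linux port, so the only correct kernel answer is -1/EFAULT. */
        struct iovec bad = {
            .iov_base = (void *)(uintptr_t)-4096,
            .iov_len  = 4096
        };
        ssize_t n = vmsplice(fds[1], &bad, 1, 0);

        probe_errno = (n < 0) ? errno : 0;
        r = (n < 0) ? PROBE_REJECTED : PROBE_ACCEPTED;
    }
    close(fds[0]);
    close(fds[1]);
    return r;
}
#else
enum probe_result probe_vmsplice(void)
{
    probe_errno = ENOSYS;          /* vmsplice() is Linux-specific */
    return PROBE_UNAVAILABLE;
}
#endif

int main(void)
{
    enum probe_result r = probe_vmsplice();

    switch (r) {
    case PROBE_REJECTED:
        printf("vmsplice: bogus iovec rejected (errno %d, %s)\n",
               probe_errno, strerror(probe_errno));
        break;
    case PROBE_ACCEPTED:
        printf("vmsplice: bogus iovec ACCEPTED, kernel lacks the iovec check\n");
        break;
    default:
        printf("vmsplice: not usable here, nothing learned (errno %d)\n",
               probe_errno);
    }
    return r == PROBE_ACCEPTED;
}
```

Build with `cc -Wall -o vmsplice_probe vmsplice_probe.c` and run it as an unprivileged user, which is also the right way to run anyone's exploit binary as Navtej points out. Unlike the /dev/kmem runtime fix from the thread, the probe issues only an ordinary syscall, so a grsecurity kernel that denies kmem writes does not get in its way; on such a kernel a rejection may come from the hardening rather than the upstream fix, which is another reason to treat the result as a smoke test and not as a substitute for the patch.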

