Please take a look at on this exploit:
It is interesting to think about /proc/pid/mem protection and about
building su with PIE enabled...
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
01-24-2012, 12:35 AM
On Tuesday 24 January 2012 00:49:19 Tóth Attila wrote:
> Please take a look at on this exploit:
> It is interesting to think about /proc/pid/mem protection and about
> building su with PIE enabled...
BTW this in "vanilla" gentoo does not work because of the permission of the su
ls -l /usr/bin/su
-rws--x--x 1 root root 36776 18 gen 21.31 /usr/bin/su
readelf cannot read the address, but there can be other ways to access the
binary for example for group "disk"
hardened gentoo is un-affected as expected (but you already know)