FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Hardened

 
 
LinkBack Thread Tools
 
Old 01-23-2012, 10:49 PM
"Tóth Attila"
 
Default Interesting: CVE-2012-0056

Please take a look at on this exploit:
http://blog.zx2c4.com/749
It is interesting to think about /proc/pid/mem protection and about
building su with PIE enabled...

Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
 
Old 01-24-2012, 12:35 AM
"Francesco R.(vivo)"
 
Default Interesting: CVE-2012-0056

On Tuesday 24 January 2012 00:49:19 Tóth Attila wrote:
> Please take a look at on this exploit:
> http://blog.zx2c4.com/749
> It is interesting to think about /proc/pid/mem protection and about
> building su with PIE enabled...
>
> Regards:
> Dw.

BTW this in "vanilla" gentoo does not work because of the permission of the su
file:
ls -l /usr/bin/su
-rws--x--x 1 root root 36776 18 gen 21.31 /usr/bin/su

readelf cannot read the address, but there can be other ways to access the
binary for example for group "disk"

hardened gentoo is un-affected as expected (but you already know)
 

Thread Tools




All times are GMT. The time now is 02:56 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org