by Anonymous Coward writes:
on Sunday February 10, 2008 @03:55PM (#22372790)
The problem is now known so I'm sure a fix is already on the way.
Holy shit, no kidding - in the form of an exploit that fixes the bug live in kernel memory.

nobody$ ./exploit
[..]
[+] mmap: 0xb7f29000 .. 0xb7f5b000
[+] root
root# ^D
nobody$ ./disable-vmsplice-if-exploitable
[..]
Exploit gone!
nobody$ ./exploit
[+] mmap: 0xb7f34000 .. 0xb7f66000
[-] vmsplice
nobody$ no root for me anymore!

By Morten Hustveit: "a modification of the exploit that finds the address of sys_vmsplice in the kernel (using /proc/kallsyms) and replaces the first byte with a RET instruction (using mmap of /dev/kmem)" from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464953#14 [debian.org]
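The two steps the quoted workaround performs, written out as an added example (this is not Morten Hustveit's code, which is in the Debian bug report linked above, and not part of the thread): resolve sys_vmsplice through /proc/kallsyms, then map /dev/kmem at that address and overwrite the first byte with 0xC3 (x86 RET) so the syscall returns immediately. It assumes the i386 setup the thread is about: a kernel that still exposes /dev/kmem (CONFIG_DEVKMEM; the device was removed upstream in Linux 5.13, so on a current system open() fails and nothing is patched) and the 2008-era symbol name sys_vmsplice (newer x86-64 kernels export prefixed names such as __x64_sys_vmsplice instead, so the lookup would need that name). The /proc/kallsyms parser is split out so it can be checked on a constructed buffer; only the --patch path touches kernel memory, and that is the part the replies below report oopsing on Debian Etch kernels.

```c
/* Added example, not code from the thread or from the Debian bug report.
 *
 *  1. resolve sys_vmsplice through /proc/kallsyms
 *  2. mmap /dev/kmem at that kernel address and write one RET (0xC3)
 *
 * Build: gcc -Wall -o disable-vmsplice-example disable-vmsplice-example.c
 * On a 32-bit system add -D_FILE_OFFSET_BITS=64 so a 0xc0xxxxxx kernel
 * address fits in off_t for the mmap offset.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/mman.h>

/* Parse kallsyms-format text ("<hex addr> <type> <name>[\t[module]]") and
 * return the address of the first line whose symbol name matches exactly.
 * Returns 1 on success, 0 if the symbol is not present. Kept separate from
 * file I/O so it can be exercised on a constructed buffer. */
int kallsyms_lookup_text(const char *text, const char *name,
                         unsigned long long *addr_out)
{
    const char *line = text;
    while (line && *line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[256];

        if (len < sizeof buf) {
            char type, sym[200];
            unsigned long long addr;

            memcpy(buf, line, len);
            buf[len] = '\0';
            /* %199s stops at whitespace, so a trailing "[module]" is ignored */
            if (sscanf(buf, "%llx %c %199s", &addr, &type, sym) == 3 &&
                strcmp(sym, name) == 0) {
                *addr_out = addr;
                return 1;
            }
        }
        line = nl ? nl + 1 : NULL;
    }
    return 0;
}

/* Read the live /proc/kallsyms. Modern kernels print all-zero addresses to
 * unprivileged readers when kptr_restrict is set, so an address of 0 is
 * treated as "not available". Returns 1 and sets *addr_out on success. */
int kallsyms_lookup(const char *name, unsigned long long *addr_out)
{
    FILE *f = fopen("/proc/kallsyms", "r");
    char line[256];
    int found = 0;

    if (!f)
        return 0;
    while (fgets(line, sizeof line, f)) {
        if (kallsyms_lookup_text(line, name, addr_out) && *addr_out != 0) {
            found = 1;
            break;
        }
    }
    fclose(f);
    return found;
}

/* Assumption: a 32-bit x86 kernel whose /dev/kmem accepts mmap at kernel
 * virtual addresses, as in the Debian bug report. Maps the page containing
 * addr and writes one RET. Returns 0 on success, -1 with errno set if
 * /dev/kmem is absent or the mapping is refused. */
int patch_ret_via_kmem(unsigned long long addr)
{
    long page = sysconf(_SC_PAGESIZE);
    off_t base = (off_t)(addr & ~(unsigned long long)(page - 1));
    int fd = open("/dev/kmem", O_RDWR);
    unsigned char *map;

    if (fd < 0)
        return -1;
    map = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE, MAP_SHARED, fd, base);
    if (map == MAP_FAILED) {
        int e = errno;
        close(fd);
        errno = e;
        return -1;
    }
    map[addr - (unsigned long long)base] = 0xC3; /* x86 RET at function entry */
    munmap(map, (size_t)page);
    close(fd);
    return 0;
}

int main(int argc, char **argv)
{
    unsigned long long addr;

    if (!kallsyms_lookup("sys_vmsplice", &addr)) {
        fprintf(stderr, "[-] sys_vmsplice not visible in /proc/kallsyms\n");
        return 1;
    }
    printf("[+] sys_vmsplice at 0x%llx\n", addr);
    if (argc > 1 && strcmp(argv[1], "--patch") == 0) {
        if (patch_ret_via_kmem(addr) < 0) {
            perror("[-] /dev/kmem patch");
            return 1;
        }
        printf("[+] first byte of sys_vmsplice replaced with RET\n");
    }
    return 0;
}
```

Without --patch the program only reports the address, which is safe to run anywhere; with --patch it does what the quoted workaround does, and the oops reports further down this thread are the reason to try that only on a disposable machine.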
disable-vmsplice-if-exploitable causes kernel oops on Debian Etch with kernel 2.6.18-3-xen-686
Did the exploit work by itself? It would be interesting to know whether the exploit or the workaround crashes the machine. The exploit (without my patch) is known to crash some machines.
I can confirm that the exploit caused the 2.6.20.3 kernel on a server that I maintain to become unstable and eventually hang (before that happened, the exploit crashed with a segmentation fault but did not run a shell). I have installed a 2.6.24 kernel with the patches mentioned in https://bugs.launchpad.net/ubuntu/+source/linux-source-2.6.22/+bug/190587 [launchpad.net], and the problem disappeared; the exploit harmlessly exits.
disable-vmsplice-if-exploitable causes kernel oops on Debian Etch 2.6.18-5-686 as well.
The exploit ran, and disable-vmsplice-if-exploitable ran, and the exploit stopped running. Several hours later,
Message from syslogd@kenobi at Mon Feb 11 00:00:27 2008... kenobi kernel: Oops: 0002 [#1]
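The syslog line quoted above carries more than "the box oopsed". On x86 the number after "Oops:" is the page-fault error code from the CPU and "[#1]" is the kernel's running oops counter, so the line alone says what kind of access died: 0002 is a kernel-mode write to a page that was not present. The decoder below is an added example (not from the thread), run over that line and over two constructed ones; it returns 0 for oops reports that are not page faults (the kernel labels those differently, e.g. "invalid opcode:"), since their number is not a page-fault error code.

```c
/* Added example, not code from the thread: decode "Oops: NNNN [#k]" lines.
 * Bit layout of the x86 page-fault error code:
 *   bit 0  P     1 = protection violation, 0 = page not present
 *   bit 1  W/R   1 = write access,         0 = read
 *   bit 2  U/S   1 = fault from user mode, 0 = kernel mode
 *   bit 3  RSVD  reserved bit set in a page-table entry
 *   bit 4  I/D   instruction fetch (NX)
 */
#include <stdio.h>
#include <string.h>

struct oops_info {
    unsigned err;   /* raw error code */
    int count;      /* die counter from [#k] */
    int present;    /* bit 0 */
    int write;      /* bit 1 */
    int user;       /* bit 2 */
    int reserved;   /* bit 3 */
    int ifetch;     /* bit 4 */
};

/* Returns 1 and fills *out if the line contains "Oops: <hex> [#<n>]", else 0.
 * Searches for the marker rather than anchoring at column 0, so it accepts
 * both the raw kernel line and the syslog-wrapped form quoted in the post. */
int parse_oops_line(const char *line, struct oops_info *out)
{
    const char *p = strstr(line, "Oops: ");
    unsigned err;
    int count;

    if (!p)
        return 0;
    if (sscanf(p, "Oops: %x [#%d]", &err, &count) != 2)
        return 0;
    memset(out, 0, sizeof *out);
    out->err = err;
    out->count = count;
    out->present  = !!(err & 0x1);
    out->write    = !!(err & 0x2);
    out->user     = !!(err & 0x4);
    out->reserved = !!(err & 0x8);
    out->ifetch   = !!(err & 0x10);
    return 1;
}

/* Human-readable summary, e.g. "kernel-mode write, page not present". */
void describe_oops(const struct oops_info *o, char *buf, size_t n)
{
    snprintf(buf, n, "%s-mode %s, %s%s",
             o->user ? "user" : "kernel",
             o->ifetch ? "instruction fetch" : (o->write ? "write" : "read"),
             o->present ? "protection violation" : "page not present",
             o->reserved ? " (reserved PTE bit)" : "");
}

int main(void)
{
    /* First line is the one from the post; the other two are constructed. */
    const char *lines[] = {
        "Message from syslogd@kenobi at Mon Feb 11 00:00:27 2008... kenobi kernel: Oops: 0002 [#1]",
        "kenobi kernel: Oops: 0011 [#2]",
        "kenobi kernel: invalid opcode: 0000 [#3]",
    };
    size_t i;

    for (i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        struct oops_info o;
        char buf[96];

        if (!parse_oops_line(lines[i], &o)) {
            printf("not a page-fault oops: %s\n", lines[i]);
            continue;
        }
        describe_oops(&o, buf, sizeof buf);
        printf("oops #%d, error code %04x: %s\n", o.count, o.err, buf);
    }
    return 0;
}
```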
In the free world the media isn't government run; the government is media run.
You say that like it's a good thing... I guess you don't live in the UK:(
We have more and more laws created as a response to the Daily Mail or Sun headlines... Laws that don't actually address the real problem, and just make for a more restrictive society, and all because the government is media run.
Beauty of OSS (Score:5, Insightful)
On the other hand though this is the beauty of open source. The problem is now known so I'm sure a fix is already on the way.
Re:Beauty of OSS (Score:5, Informative)
I couldn't get the bare exploit code to compile.
The 'workaround' compiled and resulted in the oops. It did not get as far as showing whether the kernel was exploitable or not.
gcc -static -Wno-format code.c -o localroot && chmod +x localroot
Should compile fine.
Re:disable-vmsplice-if-exploitable causes OOPS (Score:1)
I don't think it's a good thing.
I did live in the UK until it became a media-run police state.
Modern, western 'democracies' would be more aptly named 'mediacracies'.
Rule by media. That's what they've got.
See Boss, I fixed it. Next!
(j/k)