lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 05 Dec 2003 22:31:27 +0100
From: Goetz Babin-Ebell <babin-ebell@...stcenter.de>
To: bugtraq@...urityfocus.com
Subject: Re: Hot fix for do_brk bug

Hello Shane,

canon@...sc.gov wrote:
> I've written a linux kernel module that can be used to hot fix a
> Linux system for the bug in do_brk.  It scans the
> kernel space and replaces jmp and calls to do_brk
> to point to a wrapper routine instead.  It also maps
> the symbol table to point to the wrapper.  This only
> works on x86 and it has only been tested with RH kernels
> 2.4.18-27.7.xsmp and 2.4.20-20.7smp.  It is quite possible
> this could crash or screw-up a system, so use at your own
> risk.  I've tested the module against the proof of concept code
> written and posted by Christophe Devine.  The module catches
> the exploit and logs the attempt.

It would be less intrusive to the kernel to supply a fixed do_brk()
and replace the do_brk with a jump to your version.

This way you only have to touch one place
in the kernel space (and no guesswork, no modify
of kernel data that might look like a pointer to do_brk()
but is really something else...)

Bye

Goetz

-- 
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0,  Fax: +49-(0)40 80 80 26 -126

Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (3397 bytes)

Powered by blists - more mailing lists