| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3FD0F92F.6090909@trustcenter.de>
Date: Fri, 05 Dec 2003 22:31:27 +0100
From: Goetz Babin-Ebell <babin-ebell@...stcenter.de>
To: bugtraq@...urityfocus.com
Subject: Re: Hot fix for do_brk bug
Hello Shane,
canon@...sc.gov wrote:
> I've written a linux kernel module that can be used to hot fix a
> Linux system for the bug in do_brk. It scans the
> kernel space and replaces jmp and calls to do_brk
> to point to a wrapper routine instead. It also maps
> the symbol table to point to the wrapper. This only
> works on x86 and it has only been tested with RH kernels
> 2.4.18-27.7.xsmp and 2.4.20-20.7smp. It is quite possible
> this could crash or screw-up a system, so use at your own
> risk. I've tested the module against the proof of concept code
> written and posted by Christophe Devine. The module catches
> the exploit and logs the attempt.
It would be less intrusive to the kernel to supply a fixed do_brk()
and replace the do_brk with a jump to your version.
This way you only have to touch one place
in the kernel space (and no guesswork, no modify
of kernel data that might look like a pointer to do_brk()
but is really something else...)
Bye
Goetz
--
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (3397 bytes)
Powered by blists - more mailing lists