Message-ID: <1553309.1035506876819.JavaMail.root@172.16.100.50>
From: enigmatic-arcanum at another.com (enigmatic-arcanum@...ther.com)
Subject: Re: ABfrag followup / WITHOUT ATTACHMENT

>As for the gateway machine itself; it was running no server processes and
>had very little client activity - only the occasional reboot or reconfiguration.
>We had installed the 'grsec' security patch and had enabled non-executable
>user pages as a precaution against intrusion. Due to performance hits, however,
>we had not enabled ET_DYN or non-executable kernel pages.
>

Oh, you're confident that Openwall-alike patches will solve your problem? Good.

I wouldn't consider installing grsecurity in order to overcome this specific matter; here are some hints:

1. Openwall-alike patches will certainly not do anything against this problem. Take a look at the patch:

#ifdef CONFIG_GRKERNSEC_STACK
        /* Check if it was return from a signal handler */
        if ((regs->xcs & 0xFFFF) == __USER_CS)
                if (*(unsigned char *)regs->eip == 0xC3)
<....>

Does __USER_CS ring a bell? It stands for "USER CODE SEGMENT"; I still don't *clearly* see any __KERNEL_CS in there :-)

Based on my previous post, which for some reason has not been moderated by our bugtraq' hangman^H^H^H^H^H^H^Hmoderator, for those wondering what was in there, take a look here: http://lists.netsys.com/pipermail/full-disclosure/2002-October/002577.html

2. I would have the feeling that the vulnerability existed on grsecurity rather than on Linux (hint ;-)

3. Even if you had non-exec stack turned on, you wouldn't for sure have non-exec heap, and none of the underground descriptions of this apparent vulnerability mentions stack or heap, so in summary, you're as vulnerable with the patch or without it, unless my above hint holds true. ;-)

>Yours,
>Daniel Roberts
>Head Network Manager

--
Enigmatic Arcanum
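Point 3 above (non-exec stack does not imply non-exec heap) is something an admin can verify on a running box rather than take from a patch description. The following is an added example, not part of the original post or of grsecurity: it parses text in /proc/<pid>/maps format and reports every mapping that is both writable and executable, plus whether the regions labelled [stack] and [heap] carry the x bit. The sample map below is constructed for the example; on a live system you would feed it open("/proc/self/maps").read() or the maps file of the daemon you care about.

```python
"""Audit a /proc/<pid>/maps listing for writable+executable memory.

Added example (not from the original Bugtraq post or from grsecurity).
A non-executable stack only covers the region labelled [stack]; the heap,
anonymous mmap regions and data segments are separate mappings whose
permissions must be checked on their own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in /proc/<pid>/maps format. It is not a capture from a
# real machine; the heap is deliberately rwx and the stack rw- to illustrate
# the "non-exec stack but exec heap" situation.
SAMPLE_MAPS = """\
08048000-0804c000 r-xp 00000000 03:01 123456 /usr/bin/example
0804c000-0804d000 rw-p 00003000 03:01 123456 /usr/bin/example
0804d000-0806e000 rwxp 00000000 00:00 0 [heap]
40000000-40015000 r-xp 00000000 03:01 7890 /lib/ld-2.2.5.so
bffeb000-c0000000 rw-p 00000000 00:00 0 [stack]
"""

# start-end perms offset dev inode [path]
MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+\S+\s+\S+\s+\d+\s*(.*)$"
)


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    path: str

    @property
    def writable(self) -> bool:
        return "w" in self.perms

    @property
    def executable(self) -> bool:
        return "x" in self.perms


def parse_maps(text: str) -> List[Mapping]:
    """Parse maps-format lines; lines that do not match are skipped."""
    mappings = []
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if not m:
            continue
        mappings.append(
            Mapping(int(m.group(1), 16), int(m.group(2), 16),
                    m.group(3), m.group(4).strip())
        )
    return mappings


def wx_regions(mappings: List[Mapping]) -> List[Mapping]:
    """Mappings that are simultaneously writable and executable."""
    return [m for m in mappings if m.writable and m.executable]


def region_is_exec(mappings: List[Mapping], label: str) -> Optional[bool]:
    """Executable flag of the first mapping whose path equals label,
    or None if the kernel did not emit such a label."""
    for m in mappings:
        if m.path == label:
            return m.executable
    return None


def audit(text: str) -> Dict[str, object]:
    """Summarise the W+X exposure of one maps listing."""
    mappings = parse_maps(text)
    return {
        "wx": [m.path or hex(m.start) for m in wx_regions(mappings)],
        "stack_exec": region_is_exec(mappings, "[stack]"),
        "heap_exec": region_is_exec(mappings, "[heap]"),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_MAPS)
    print("W+X mappings :", report["wx"])
    print("stack exec   :", report["stack_exec"])
    print("heap exec    :", report["heap_exec"])
```

The audit is deliberately per-mapping: a kernel patch that removes x from the stack leaves every other rwx mapping untouched, which is exactly what the listing above shows for [heap].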

