lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <41E214E2.6020302@flacid.org>
From: jason at flacid.org (Jason Carr)
Subject: Linux kernel uselib() privilege elevation,
	corrected

Henrik Persson wrote:

> Christian wrote:
>
>> Karol Wiesek schrieb:
>>  > [appelast@...quik appelast]$ ./ex -l ./lib
>>
>>>> [+] SLAB cleanup
>>>>    child 1 VMAs 65527
>>>
>>
>> [...]
>>
>> strange, it does not even compile here:
>>
>> evil@...nz:~/dev/$ gcc -O2 -fomit-frame-pointer elflbl.c -o elflbl
>> elflbl_v108.c: In function `scan_mm_start':
>> elflbl_v108.c:425: error: storage size of `l' isn't known
>> elflbl_v108.c:425: error: storage size of `l' isn't known
>> elflbl_v108.c: In function `check_vma_flags':
>> elflbl_v108.c:545: warning: deprecated use of label at end of compound
>> statement
>
>
> In linux 2.6 the modify_ldt_ldt_s structure is renamed to user_desc. 
> Change that on row 425 and it will compile.
>
Weird... I tried that and I get this:

jason@...rdose [~/vuln] (104) % gcc -O2 -fomit-frame-pointer elflbl.c -o 
elflbl
elflbl.c:89: error: variable-size type declared outside of any function
elflbl.c: In function `make_lib':
elflbl.c:664: error: storage size of 'eh' isn't known
elflbl.c:665: error: storage size of 'eph' isn't known
elflbl.c:666: error: storage size of 'tmpbuf' isn't constant
elflbl.c:680: error: invalid application of `sizeof' to incomplete type 
`elf_phdr'
elflbl.c:666: error: size of variable 'tmpbuf' is too large


Powered by blists - more mailing lists