Re: Unexecutable Stack / Buffer Overflow Exploits...

Gregory Maxwell (greg@linuxpower.cx)
Thu, 30 Dec 1999 08:17:43 -0500 (EST)


On Thu, 30 Dec 1999, Khimenko Victor wrote:

> No. It SHOULD not be kernel option. Linus already said final verdict on
> subject: no way for standard kernel. If you are skilled enough to apply
> patch you at least not newbie, who thinks "hey, it's some security tool...
> I may enable it just in case". And Linus personally thinks that subj will
> not improve security much (he showed idea how to convert "normal" exploit
> in "unexecutable stack" exploit if I recall correctly). It's general technique:
> (when standard glibc is used: you DO NOT NEED TO EXECUTE anything except
> ONE syscall to make /bin/sh suid -- you just push arguments for
> libc's internal function __chmod in buffer, push return address for
> __chmod there (with right offset, of course) and voila: you have suid /bin/sh
> to start with (server will crash afterwards but it's other story). Is it REALLY
> that harder than playing tricks with executable stack ? Or all your vulnerable
> daemons are not using shared libc ??? Get real.

Actually, all my shared libs are mapped to an address containing 0x00,
they are thus useless in a stack attack. This is a feature of the patch.

You need to shut your mouth and stop fighting a patch when you obviously
haven't even expended the time to read the FAQ that goes with it.

Such willful ignorance does not bode well for your credibility on this
matter.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
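The point of contention in the message above is why mapping shared libraries at an address that contains a 0x00 byte blunts the return-into-libc variant Victor describes. The C program below is an added illustration, not code from the thread or from the patch it discusses; it assumes an i386-style little-endian stack layout and a constructed, hypothetical "overflowing string" (8 bytes of padding, a 4-byte address, then 4 bytes that would have to follow the address, such as the arguments for the called function) and measures how much of it a strcpy()-style copy would actually deliver before stopping at the first NUL. The function names and the sample addresses are made up for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout of the hypothetical overflowing string:
 * FILLER bytes of padding, one 4-byte little-endian address (i386 order),
 * then TRAIL bytes that would have to land after the address. */
#define FILLER 8
#define TRAIL  4
#define PAYLOAD_LEN (FILLER + 4 + TRAIL)

/* Build the constructed payload in buf (buf needs PAYLOAD_LEN + 1 bytes). */
static void build_payload(unsigned char *buf, uint32_t addr)
{
    memset(buf, 'A', FILLER);
    for (int i = 0; i < 4; i++)
        buf[FILLER + i] = (unsigned char)(addr >> (8 * i));  /* little-endian */
    memset(buf + FILLER + 4, 'B', TRAIL);
    buf[PAYLOAD_LEN] = '\0';
}

/* Number of payload bytes a strcpy()-style copy delivers to the destination
 * before it stops at the first NUL byte inside the payload. */
size_t bytes_delivered_by_strcpy(uint32_t addr)
{
    unsigned char src[PAYLOAD_LEN + 1];
    unsigned char dst[PAYLOAD_LEN + 1];
    build_payload(src, addr);
    memset(dst, 0xCC, sizeof dst);           /* sentinel, never a payload byte */
    strcpy((char *)dst, (const char *)src);   /* copies up to and including the first NUL */
    size_t n = 0;
    while (n < PAYLOAD_LEN && src[n] != '\0' && dst[n] == src[n])
        n++;
    return n;
}

/* How many of the TRAIL bytes placed after the address survive the copy. */
size_t trailing_bytes_delivered(uint32_t addr)
{
    size_t n = bytes_delivered_by_strcpy(addr);
    return n > FILLER + 4 ? n - (FILLER + 4) : 0;
}

/* Does the 32-bit address contain a 0x00 byte anywhere? */
int address_has_null_byte(uint32_t addr)
{
    for (int i = 0; i < 4; i++)
        if (((addr >> (8 * i)) & 0xff) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* Sample addresses are constructed for the demonstration only. */
    const uint32_t samples[] = { 0x40123456u, 0x00c01234u, 0x40001234u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t a = samples[i];
        printf("addr 0x%08x: null byte=%d, delivered=%zu of %d, trailing=%zu of %d\n",
               a, address_has_null_byte(a), bytes_delivered_by_strcpy(a),
               PAYLOAD_LEN, trailing_bytes_delivered(a), TRAIL);
    }
    return 0;
}
```

With a library address whose top byte is 0x00, the little-endian layout puts that zero last, so the address itself arrives (the zero becomes strcpy's terminator) but nothing placed after it does; an address with a zero in a lower byte is cut off before it is even complete. That is the property the reply relies on: the mapping does not stop overflows, it denies a string-copy overflow the bytes that would have to follow the return address.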