From: Petr Baudis <pasky@ucw.cz>
To: Diego Calleja <grundig@teleline.es>,
Robert.L.Harris@rdlg.net, vherva@niksula.hut.fi, ihaquer@isec.pl,
cliph@isec.pl, linux-kernel@vger.kernel.org
Subject: mremap() bug indeed not in 2.2 (confirmed)
Date: Tue, 6 Jan 2004 21:36:35 +0100
Message-ID: <20040106203635.GP2093@pasky.ji.cz>
In-Reply-To: <20040105225508.GM2093@pasky.ji.cz>

Dear diary, on Mon, Jan 05, 2004 at 11:55:08PM CET, I got a letter,
where Petr Baudis <pasky@ucw.cz> told me, that...
> Dear diary, on Mon, Jan 05, 2004 at 07:26:07PM CET, I got a letter,
> where Petr Baudis <pasky@ucw.cz> told me, that...
> > Dear diary, on Mon, Jan 05, 2004 at 06:10:53PM CET, I got a letter,
> > where Diego Calleja <grundig@teleline.es> told me, that...
> > > It names 2.2 too. Is there a fix for 2.2?
> >
> > I'm trying to investigate that right now. In 2.2, mremap() doesn't yet
> > take the new_addr argument, therefore the "official" 2.4 fix
> > wouldn't apply at all to it. There are four possibilities:
> >
> > * The isec.pl guys just made a mistake.
..snip..
> Actually, after looking at the code again, I'm now quite convinced 2.2
> does not have this particular vulnerability. In order for the exploit to work,
> you'd need mremap() to relocate you.
..snip..
> ihaquer, any comments? Is there something we don't know about? If not,
> please correct your announcement.

It seems to be indeed so. This was just posted to bugtraq & co:

Hi,

our initial posting contains a mistake about the vulnerability of the
2.2 kernel series. Since the 2.2 kernel series doesn't support the
MREMAP_FIXED flag it is NOT vulnerable. The source states "MREMAP_FIXED
option added 5-Dec-1999" but it didn't make it into recent 2.2.x. We
apologize for the inconvenience.

--
Paul Starzetz
iSEC Security Research
http://isec.pl/

Here you go. And I don't need to worry about my 2.2.25-running pets ;-).

Kind regards,

--
Petr "Pasky" Baudis
.
The brain is a wonderful organ; it starts working the moment you get up
in the morning, and does not stop until you get to work.
.
Stuff: http://pasky.or.cz/
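
The thread settles the 2.2 question on whether the kernel's mremap() takes a new_addr argument (MREMAP_FIXED). As an added example, not part of the original message or of the kernel sources, this C probe checks that property on the running kernel; the function names are made up here, and a result of 1 only says the flag is honoured, which is equally true of kernels that carry the fix.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Try to move the first page of a two-page anonymous mapping onto the
 * second page using the given mremap() flags. Returns 0 if the page
 * arrived at the requested address with its contents intact, otherwise
 * the errno of the failing call (EIO if it landed somewhere else). */
int try_relocate(int flags)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    int err = 0;
    void *moved;
    char *src = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);

    if (src == MAP_FAILED)
        return errno;
    strcpy(src, "marker");              /* constructed test content */

    /* The fifth argument is new_addr; it is only used with MREMAP_FIXED. */
    moved = mremap(src, pg, pg, flags, src + pg);
    if (moved == MAP_FAILED)
        err = errno;                    /* source page was left in place */
    else if (moved != (void *)(src + pg) || strcmp(src + pg, "marker") != 0)
        err = EIO;
    munmap(src, 2 * pg);                /* covers both pages, moved or not */
    return err;
}

/* 1: kernel relocates to new_addr; 0: flag rejected with EINVAL, as an
 * mremap() without a new_addr argument would; -1: unrelated failure. */
int kernel_has_mremap_fixed(void)
{
    int err = try_relocate(MREMAP_MAYMOVE | MREMAP_FIXED);
    return err == 0 ? 1 : (err == EINVAL ? 0 : -1);
}

int main(void)
{
    printf("mremap() honours MREMAP_FIXED: %d\n", kernel_has_mremap_fixed());
    return 0;
}
```
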