"Stable" kernel 2.6.25.6
Posted Jun 10, 2008 15:10 UTC (Tue) by spender (guest, #23067)
In reply to: "Stable" kernel 2.6.25.6 by jengelh
Parent article: Stable kernel 2.6.25.6
I guess you didn't read the entire post. The protection you mention was trivially bypassable for half a year after its existence. It breaks legitimate applications and won't be in use everywhere. It also covers only one type of a more general class of bugs. For these others, it can do nothing. Examples of this include the recent vmsplice exploit on amd64 (see the comment by the PaX team at http://lwn.net/Articles/271688/) or dereferencing of poisoned pointers (see http://lkml.org/lkml/2008/5/9/90).

BTW the vulnerability in the "protection" was known by me since its inception. As proof, find the date of the mention of 3812e371986ad24ace67bab90fd07ca4 in http://www.redhatmagazine.com/2007/05/04/whats-new-in-sel... 3812e371986ad24ace67bab90fd07ca4 is a hash of the following text (referring to the protection developed by Red Hat):

"it's too bad that it's trivially bypassed via expand_stack :) this will be funny in a couple months"

-Brad

Md5sum
Posted Jun 12, 2008 21:36 UTC (Thu) by man_ls (guest, #15091)
I always wondered how people did that hashing. How can I verify your md5sum? I tried:
$ echo "it's too bad that it's trivially bypassed via expand_stack :) this will be funny in a couple months" | md5sum -
99338d8cf862f8ecf421c05b054a00c2 -
No luck...

Md5sum
Posted Apr 23, 2009 23:21 UTC (Thu) by spender (guest, #23067)
spender@www:~$ cat selinux_null
it's too bad that it's trivially bypassed via expand_stack :) this will
be funny in a couple months
spender@www:~$ md5sum ./selinux_null
3812e371986ad24ace67bab90fd07ca4 ./selinux_null
spender@www:~$
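
Added example, not part of either comment: the two sessions in this thread hash different bytes (echo sends one line plus a newline, the file is wrapped across two lines), so this Python sketch enumerates whitespace-only variants of a revealed statement and reports which one, if any, reproduces a published MD5 digest. The function names, the 40 to 100 column search range and the LF/CRLF choices are assumptions of this example.

```python
import hashlib
import textwrap

# Statement as quoted in the thread, joined onto one line.
STATEMENT = ("it's too bad that it's trivially bypassed via expand_stack :) "
             "this will be funny in a couple months")

def byte_variants(text, widths=range(40, 101)):
    """Yield (label, bytes) for encodings of `text` that look the same on screen."""
    one_line = " ".join(text.split())  # collapse any existing wrapping
    bodies = [("unwrapped", one_line)]
    bodies += [(f"wrapped at {w} columns", textwrap.fill(one_line, width=w))
               for w in widths]
    seen = set()
    for body_label, body in bodies:
        for eol_label, eol in (("LF", "\n"), ("CRLF", "\r\n")):
            for tail_label, tail in (("no final newline", ""),
                                     ("final newline", eol)):
                data = (body.replace("\n", eol) + tail).encode("utf-8")
                if data not in seen:  # many widths give identical wrapping
                    seen.add(data)
                    yield f"{body_label}, {eol_label}, {tail_label}", data

def match_commitment(md5_hex, text):
    """Return (label, bytes) of the variant whose MD5 equals md5_hex, else None."""
    want = md5_hex.strip().lower()
    for label, data in byte_variants(text):
        if hashlib.md5(data).hexdigest() == want:
            return label, data
    return None

if __name__ == "__main__":
    # Digests as they appear in the thread: the published one and the echo attempt.
    for digest in ("3812e371986ad24ace67bab90fd07ca4",
                   "99338d8cf862f8ecf421c05b054a00c2"):
        hit = match_commitment(digest, STATEMENT)
        print(digest, "->", hit[0] if hit else "no variant matched")
```

A hash commitment only verifies against the exact committed bytes, so publishing the file itself at reveal time removes this guesswork.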