Kernel release status
Posted Sep 26, 2009 10:08 UTC (Sat) by mingo
In reply to: Kernel release status
Parent article: Kernel release status
If such an access control system existed -- yes. I believe seccomp is the only one (by virtue of the fact that it only allows a handful of system calls and can only be used on a tiny subset of specific applications).
Reality is that StackProtector (CONFIG_CC_STACKPROTECTOR=y) makes the bug unexploitable.
Here's what the vanilla v2.6.31 kernel gives if i try to run the exploit you are distributing:
[ 66.928106] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff810c49d2
[ 66.939059] Pid: 2628, comm: exploit Not tainted 2.6.31 #17228
[ 66.944947] Call Trace:
[ 66.947423] [ffffffff81622ba6] panic+0x84/0x12f
[ 66.952238] [ffffffff810c49d2] ? sys_perf_counter_open+0x660/0x672
[ 66.958729] [ffffffff810500cd] __stack_chk_fail+0x27/0x57
[ 66.964419] [ffffffff810c49d2] sys_perf_counter_open+0x660/0x672
It reduces a local root hole to a DoS. (Which is still a bug of course - just with a different severity.)
to post comments)