Kernel release status, StackProtector
Posted Sep 26, 2009 12:57 UTC (Sat) by mingo
In reply to: Kernel release status
Parent article: Kernel release status
Ingo, always the one to come up with the contrived examples to save
There's no need for me to save face - my face is blushing deep red from having let that hole slip through - I should do better than that.
I take your reply as a confirmation that CONFIG_CC_STACKPROTECTOR=Y indeed stops your exploit dead in its tracks - good to hear independent confirmation of such things.
FYI, a number of distributions that care about security features have CONFIG_CC_STACKPROTECTOR=Y enabled by default, such as Fedora:
spirit:~> grep STACKPROT /boot/config-2.6.31-0.204.rc9.fc12.x86_64
So the bug is not exploitable on those distros.
Whether distributions are exploitable is a relevant piece of information: it influences how urgently a system administrator upgrades a kernel. A local root exploit is treated at a different severity level from a local DoS in most places. You probably know that.
That does not make it in any way a better or worse kind of bug - it simply adds to the pool of information about this bug and about the exploit - a piece of information you either did not know about or which you chose not to disclose.
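The check mingo shows above (grepping the kernel config for the stack-protector option) is what an administrator would run to decide how urgently to upgrade. As an added example, not part of this thread or of any distribution's tooling, the POSIX shell script below generalises that check: it reports the stack-protector level of a given kernel config file, covering the option names used across kernel versions (CONFIG_CC_STACKPROTECTOR as in the comment above, CONFIG_CC_STACKPROTECTOR_REGULAR/_STRONG in 3.14 to 4.17, and CONFIG_STACKPROTECTOR/_STRONG from 4.18 on). The function and file names are assumptions of this example, and the sample config files it creates are constructed so the script runs stand-alone.

```shell
#!/bin/sh
# Added example (not from the LWN thread): classify a kernel config file's
# stack-protector setting. Prints "strong", "regular" or "none".
#
# Option names handled (the first match wins, strongest first):
#   CONFIG_STACKPROTECTOR_STRONG / CONFIG_CC_STACKPROTECTOR_STRONG   -> strong
#   CONFIG_STACKPROTECTOR / CONFIG_CC_STACKPROTECTOR(_REGULAR)       -> regular
# A line of the form "# CONFIG_..._STACKPROTECTOR is not set" starts with
# '#', so the anchored patterns below deliberately do not match it.
stackprotector_level() {
    cfg="$1"
    if grep -qE '^CONFIG_(CC_)?STACKPROTECTOR_STRONG=y' "$cfg"; then
        echo strong
    elif grep -qE '^CONFIG_(CC_)?STACKPROTECTOR(_REGULAR)?=y' "$cfg"; then
        echo regular
    else
        echo none
    fi
}

# Emit the running kernel's config on stdout: /boot/config-<release> is
# what most distributions install; /proc/config.gz exists only when the
# kernel was built with CONFIG_IKCONFIG_PROC. Returns 1 if neither is readable.
running_kernel_config() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    else
        return 1
    fi
}

# Stand-alone demonstration on constructed config fragments (hypothetical
# file names; the contents are the relevant lines only).
demo_dir=$(mktemp -d)
printf 'CONFIG_CC_STACKPROTECTOR=y\n' > "$demo_dir/enabled-2.6-era.cfg"
printf '# CONFIG_CC_STACKPROTECTOR is not set\n' > "$demo_dir/disabled.cfg"
printf 'CONFIG_STACKPROTECTOR=y\nCONFIG_STACKPROTECTOR_STRONG=y\n' > "$demo_dir/strong-4.18-plus.cfg"
for f in "$demo_dir"/*.cfg; do
    printf '%s: %s\n' "$(basename "$f")" "$(stackprotector_level "$f")"
done
rm -rf "$demo_dir"

# On a real host, check the running kernel (skipped quietly if no config is found):
if tmpcfg=$(mktemp) && running_kernel_config > "$tmpcfg" 2>/dev/null; then
    printf 'running kernel (%s): %s\n' "$(uname -r)" "$(stackprotector_level "$tmpcfg")"
fi
rm -f "${tmpcfg:-}"
```

The point of classifying three levels rather than just "on/off" is that the severity judgement discussed above depends on what the option actually does: a "regular" protector only instruments functions with character arrays, while "strong" covers any function with a local array or address-taken local, so a config that reads "none" for the old option name may still be protected under the newer name, and the script makes that visible instead of reporting a false negative.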