Re: 2.6.1-rc1 affected?

[Jonathan Higdon]

On Tue, 6 Jan 2004, [iso-8859-1] szonyi calin wrote:

>  --- Jesper Juhl <juhl-lkml@xxxxxx> a écrit : >
> > On Tue, 6 Jan 2004, Max Valdez wrote:
> >
> > > At least it hangs a redhat 7.2 kernel
> > >
> > > I will test it further tomorrow, but it looks like a good
> > proof to me
> > >
> > > > >
> > > > > > There _is_ an exploit:
> > > http://isec.pl/vulnerabilities/isec-0013-mremap.txt
> > > > > > "Since no special privileges are required to use the
> > mremap(2)
> > > system
> > > > > ...
> > > > >
> > > > > I will not believe the claim until I've seen the code.
> > > >
> > > > Not sure if this works or not.
> > > > According to a slashdot comment this is proof of concept
> > code.
> > > >
> > > > http://linuxfromscratch.org/~devine/mremap_poc.c
> > > >
> > > > Regards,
> > > >
> > > > Bastiaan
> > > >
> >
> > On my box that program is a very effective 'instant reboot'.
> >
>
> on mine just a segfault :-)
> sony@grinch -04:47:32- 0 jobs, ver 2.05b.0 3
>  /~/schule $ gcc -o mremap_poc mremap_poc.c
> sony@grinch -04:47:35- 0 jobs, ver 2.05b.0 3
>  /~/schule $ ./mremap_poc
> Segmentation fault
>
> > The instant I ran it from a xterm my screen went black, the
> > music I was
> > listening to from a CD stopped and the machine rebooted.
> > The running kernel was 2.6.1-rc1-mm1
> >
>
> maybe you were running the program as root ?

I tried it on 2.6.0 as a regular user and got an instant reboot.
stracing it showed the faults and the system was unusable after that :)

~jon
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/