RE: [suse-security] ulimit -v workaround for the do_brk() bug does not work
Erik Hensema <erik@hensema.net> wrote:
Hi Erik,

Roman in his original post suggested two other things needed to be done to install this workaround: Add the line

ulimit -v 2097151

as the second line of /etc/init.d/rc and /etc/profile, and then execute the command itself in your shell and then restart all daemons that allow logins (xdm, sshd, inetd/xinetd, ...). Alternatively, simply reboot after adding the lines to the above files.

Roman said this workaround is courtesy of Solar Designer.

(Note: The reboot is in lieu of restarting all daemons and not the editing of /etc/init.d/rc and /etc/profile.)
(Further note: the above ulimit -v # was changed to reflect Roman's second post.)

It would be best to read the entire thread "RE: [suse-security] Bugs on Kernel 2.4" at: http://lists.suse.com/archive/suse-security/2003-Dec/

Redhat has already put up their patch rpm; I suspect SuSE's will be up soon, making this workaround moot.

Hope this helps,
Gar
--
In the Beginning was the Command Line ---Neal Stephenson
On Wed, Dec 03, 2003 at 05:22:36PM -0500, GarUlbricht7@netscape.net wrote:
[snip]
Thanks, I've read it. Setting a ulimit unfortunately only fixes one of three possible attacks on do_brk(). I must warn everybody NOT to rely on this workaround! It simply does not protect your system at all. Installing a patched kernel and rebooting is the only option.
--
Erik Hensema (erik@hensema.net)