RE: [suse-security] ulimit -v workaround for the do_brk() bug does not work
Erik Hensema
Hi,
Maybe this has been discussed earlier today on this list, but I've just joined it.
I was told that doing a 'limit -v 2097151' would work around the do_brk() bug. Unfortunately it does not :-(
The sample exploit posted on bugtraq manages to reboot my SuSE 8.2 machine (standard kernel) despite the ulimit.
-- Erik Hensema (erik@hensema.net)
Hi Erik,

Roman in his original post suggested two other things needed to be done to install this workaround:

Add the line
ulimit -v 2097151
as the second line of /etc/init.d/rc and /etc/profile, and then execute the command itself in your shell and then restart all daemons that allow logins (xdm, sshd, inetd/xinetd, ...). Alternatively, simply reboot after adding the lines to the above files.

Roman said this workaround is courtesy of Solar Designer.

(Note: The reboot is in lieu of restarting all daemons and not the editing of /etc/init.d/rc and /etc/profile.)
(Further note: the above limit -v # was changed to reflect Roman's second post.)

It would be best to read the entire thread "RE: [suse-security] Bugs on Kernel 2.4" at: http://lists.suse.com/archive/suse-security/2003-Dec/

Red Hat has already put up their patch rpm; I suspect SuSE's will be up soon, making this workaround moot.

Hope this helps,
Gar
--
In the Beginning was the Command Line ---Neal Stephenson

On Wed, Dec 03, 2003 at 05:22:36PM -0500, GarUlbricht7@netscape.net wrote:
> Erik Hensema wrote:
> > Hi,
> > Maybe this has been discussed earlier today on this list, but I've just joined it.
> > I was told that doing a 'limit -v 2097151' would work around the do_brk() bug. Unfortunately it does not :-(
> > The sample exploit posted on bugtraq manages to reboot my SuSE 8.2 machine (standard kernel) despite the ulimit.
> Roman in his original post suggested two other things needed to be done to install this workaround:
> Add the line
> ulimit -v 2097151
[snip]
> It would be best to read the entire thread "RE: [suse-security] Bugs on Kernel 2.4" at: http://lists.suse.com/archive/suse-security/2003-Dec/
Thanks, I've read it. Setting a ulimit unfortunately only fixes one of three possible attacks on do_brk(). I must warn everybody NOT to rely on this workaround! It simply does not protect your system at all. Installing a patched kernel and rebooting is the only option.
-- Erik Hensema (erik@hensema.net)