Kermit Mei wrote:
Hello, community. Maybe most of you have heard that there's a bug in vmsplice(2), the local user can get the root's exploit easily. This is the test in my machine:
----------------------------------- Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] mmap: 0x0 .. 0x1000 [+] page: 0x0 [+] page: 0x20 [+] mmap: 0x4000 .. 0x5000 [+] page: 0x4000 [+] page: 0x4020 [+] mmap: 0x1000 .. 0x2000 [+] page: 0x1000 [+] mmap: 0xb7ed3000 .. 0xb7f05000 [+] root
Yep, verified that 2.6.24.2 and 2.6.25-rc1 here do not have the problem: lucy: /home/jjs (tty/dev/pts/0): bash: 1001 > ./a.out ----------------------------------- Linux vmsplice Local Root Exploit By qaaz ----------------------------------- [+] mmap: 0x0 .. 0x1000 [+] page: 0x0 [+] page: 0x20 [+] mmap: 0x4000 .. 0x5000 [+] page: 0x4000 [+] page: 0x4020 [+] mmap: 0x1000 .. 0x2000 [+] page: 0x1000 [+] mmap: 0xb7dab000 .. 0xb7ddd000 [-] vmsplice: Bad address lucy: /home/jjs (tty/dev/pts/0): bash: 1002 > uname -a Linux lucy 2.6.24.2-default #1 SMP Mon Feb 11 11:15:10 PST 2008 i686 i686 i386 GNU/Linux -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org