On Wed, Dec 03, 2003 at 05:22:36PM -0500, GarUlbricht7@netscape.net wrote:
Erik Hensema wrote:
Hi,
Maybe this has been discussed earlier today on this list, but I've just joined it.
I was told that doing a 'limit -v 2097151' would work around the do_brk() bug. Unfortunately it does not :-(
The sample exploit posted on bugtraq manages to reboot my SuSE 8.2 machine (standard kernel) despite the ulimit.
Roman in his original post suggested two other things needed to be done to install this workaround:
Add the line
ulimit -v 2097151
[snip]
It would be best to read the entire thread "RE: [suse-security] Bugs on Kernel 2.4" at: http://lists.suse.com/archive/suse-security/2003-Dec/
Thanks, I've read it. Setting a ulimit unfortunately only fixes one of three possible attacks on do_brk().

I must warn everybody NOT to rely on this workaround! It simply does not protect your system at all. Installing a patched kernel and rebooting is the only option.

--
Erik Hensema (erik@hensema.net)