[rsbac] Fwd: Re: Will 2.4.20 Source be patched for the latest kernel vulnerability?
Amon Ott
ao at rsbac.org
Tue Dec 2 14:25:47 CET 2003
On Tuesday, 2 December 2003 14:15, Amon Ott wrote:
> Just found a workaround for the 2.4 sys_brk bug. It seems sufficient to limit
> the address space to max. 2GB, e.g. using RSBAC RES module:
>
> As secoff etc:
> - start rsbac_user_menu
> - Choose RES default user
> - Select RES max resources
> - Set AS resource e.g. to 2000000000 (2 with 9 zeroes = 2GB)
>
> Best solution is of course the patch.
This workaround is also not sufficient, although it helps against some
attacks. Please read http://isec.pl/vulnerabilities/isec-0012-do_brk.txt
It is strongly recommended to patch or to update! Please realize that this bug
is not a root, but a kernel exploit, so there is no protection!
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22