On 17 April 2010 08:41, jdow <jdow@xxxxxxxxxxxxx> wrote:
> From: "Patrick O'Callaghan" <pocallaghan@xxxxxxxxx>
> Sent: Friday, 2010/April/16 22:49
>> Which of the vulnerabilities discussed on the kernel list is
>> communicable via an email message in such a way as to compromise the
>> security of the target system without manual intervention on the part of
>> its user? Please be specific.
>
> Here is a non-LKML reference with a full explanation of the problem:
> Some background:
> http://blog.ksplice.com/2010/03/null-pointers-part-i/
> How to exploit it:
> http://blog.ksplice.com/2010/04/exploiting-kernel-null-dereferences/
>
> The exploit can be delivered through email and introduced into the
> machine via targeted social engineering. If you can be tricked into
> allowing it to run, you're toast. ANY means of getting into the
> machine and having code execute is sufficient to allow the exploit
> to run within the kernel at kernel privilege.

Read the page more carefully. Particularly the comments.

-------------
Nelson Elhage says:
April 13, 2010 at 12:35 pm
....
After all the NULL pointer vulnerabilities last year, every major
distro has now turned mmap_min_addr on by default. So if you need to
run old DOS programs in Wine you can still change it, but it should be
much harder to exploit these things by default.
....
-------------

-------------
Nelson Elhage says:
April 14, 2010 at 9:54 am
Tomoe: I believe that, on recent kernels, SELinux blocks mmap’ing the
zero page separately from the mmap_min_addr mechanism. You should be
able to disable this protection for the purposes of experimentation by
running

setsebool -P mmap_low_allowed 1

as root.
-------------

--
Sam
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
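
A check for the two protections named in the quoted comments (the `mmap_min_addr` sysctl and the SELinux boolean `mmap_low_allowed`), added here as an example and not part of the original thread. The function names are hypothetical, and the script assumes the SELinux boolean only counts as protection when the policy is enforcing.

```shell
#!/bin/sh
# Added example: report which of the two zero-page mmap protections are active.
# Function names are hypothetical; inputs are passed in so the logic is testable.

# classify_low_map MIN_ADDR SEBOOL
#   MIN_ADDR  value of vm.mmap_min_addr (decimal; 0 means the sysctl check is off)
#   SEBOOL    state of the SELinux boolean mmap_low_allowed: on | off | absent
classify_low_map() {
    case $1 in
        ''|*[!0-9]*) echo "unknown"; return 2 ;;
    esac
    if [ "$1" -gt 0 ]; then sysctl_ok=yes; else sysctl_ok=no; fi
    # Assumption: only "off" under an enforcing policy counts as SELinux protection.
    if [ "$2" = "off" ]; then selinux_ok=yes; else selinux_ok=no; fi

    case $sysctl_ok,$selinux_ok in
        yes,yes) echo "protected: mmap_min_addr and SELinux" ;;
        yes,no)  echo "protected: mmap_min_addr only" ;;
        no,yes)  echo "protected: SELinux only" ;;
        *)       echo "exposed"; return 1 ;;
    esac
}

# Read the live values on this host and classify them.
audit_live() {
    min_addr=$(cat /proc/sys/vm/mmap_min_addr 2>/dev/null)
    sebool=absent
    if command -v getenforce >/dev/null 2>&1 &&
       [ "$(getenforce 2>/dev/null)" = "Enforcing" ]; then
        # getsebool prints e.g. "mmap_low_allowed --> off"
        sebool=$(getsebool mmap_low_allowed 2>/dev/null | awk '{print $3}')
        [ -n "$sebool" ] || sebool=absent
    fi
    classify_low_map "$min_addr" "$sebool"
}

audit_live || true
```

A result of "exposed" on a host that does not need low mappings (for example for old DOS programs in Wine, as the comment mentions) means both settings have been relaxed and should be restored.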