On Thursday 19 February 2004 17:32, Pavel harry_x Palát wrote: Hi Pavel, > Greetings, > > Here (http://wizard.ath.cx/fixmremap2.tar.gz) is small hotfix for newly > discovered mremap() vulnerability. It > doesn't directly change do_mremap() code, it just overwrites syscall > handler with LKM. In my opinion it is enough to fix just mremap() syscall > because at least on x86 there are no other functions which would use > do_mremap directly. But this may not be true on others platforms (for > example ia64)... > The package contains the hotfix and a small proof of concept program which > can be used to see if kernel is vulnerable. > Use at your own risk. - call the POC exploit on a vulnerable system - echo "1000000" > /proc/sys/vm/max_map_count - call the POC exploit again - see the difference Well, at least it prevents the POC exploit, maybe there's more though. Kudos to the PaX team :) -- ciao, Marc
