Re: Heads up on local root escalation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 12/05/14 22:11, Keith Keller wrote:
> On 2014-05-12, Akemi Yagi <amyagi@xxxxxxxxx> wrote:
>>
>> According to the upstream BZ 1094232, there is a patch from kernel.org:
>>
>> https://git.kernel.org/cgit/linux/kernel/git/gregkh/tty.git/commit/?h=tty-linus&id=4291086b1f081b869c6d79e5b7441633dc3ace00
>
> Actually, I was wondering about mitigation along the lines of
> blacklisting a module, tuning a sysctl parameter, or some other
> mitigation that wouldn't require a new kernel.  Perhaps such mitigation
> isn't even possible with this issue.
>
> --keith
>
>

Not specific to this issue, but you might like to look at TPE (kmod-tpe) 
available at elrepo.org.

http://elrepo.org/tiki/kmod-tpe

Trusted Path Execution (TPE) is a kernel module that prevents users from 
executing
programs that are not owned by root, or are writable. This effectively 
blocks users (or compromised accounts) from executing code to exploit 
vulnerabilities such as this.

  For example, taken from the README:

* Trusted Path Execution; deny execution of non-root owned or writable 
binaries

   $ gcc -o exploit exploit.c
   $ chmod 755 exploit
   $ ./exploit
   -bash: ./exploit: Permission denied

   $ dmesg | tail -n1
   [tpe] Denied untrusted exec of /home/corey/exploit (uid:500) by /bin/bash
   (uid:500), parents: /usr/sbin/sshd (uid:500), /usr/sbin/sshd (uid:0),
   /sbin/init (uid:0). Deny reason: directory uid not trusted




_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux