Comments on: MMap to null http://www.sharms.org/blog/2009/07/fun-stuff/ Life, Linux and Technology Thu, 26 Jan 2012 02:40:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Felipe http://www.sharms.org/blog/2009/07/fun-stuff/comment-page-1/#comment-6027 Felipe Mon, 28 Nov 2011 01:41:48 +0000 http://www.sharms.org/blog/?p=524#comment-6027 Try to run with root access. Try to run with root access.

]]> By: Jef Spaleta http://www.sharms.org/blog/2009/07/fun-stuff/comment-page-1/#comment-1296 Jef Spaleta Tue, 21 Jul 2009 22:12:18 +0000 http://www.sharms.org/blog/?p=524#comment-1296 @Marcelo: Do you have wine installed? You should read this: http://lwn.net/Articles/342573/ Ubuntu isn't immune to the underlying problem...it just gets exposed in a different way. If someone looking at changing how WINE is packaged in Ubuntu? Maybe they should. -jef @Marcelo:
Do you have wine installed?
You should read this: http://lwn.net/Articles/342573/

Ubuntu isn’t immune to the underlying problem…it just gets exposed in a different way.
If someone looking at changing how WINE is packaged in Ubuntu? Maybe they should.

-jef

]]> By: Marcelo Fernández http://www.sharms.org/blog/2009/07/fun-stuff/comment-page-1/#comment-1295 Marcelo Fernández Sat, 18 Jul 2009 18:58:38 +0000 http://www.sharms.org/blog/?p=524#comment-1295 Uhm... in my Ubuntu 9.04 install (updated) that test gives me the same result as Fedora 11: marcelo@marcelo-notebook:~$ ./a.out We can write to memory location 0 Memory contents: This is a test marcelo@marcelo-notebook:~$ uname -a Linux marcelo-notebook 2.6.28-13-generic #45-Ubuntu SMP Tue Jun 30 22:12:12 UTC 2009 x86_64 GNU/Linux marcelo@marcelo-notebook:~$ Uhm… in my Ubuntu 9.04 install (updated) that test gives me the same result as Fedora 11:

marcelo@marcelo-notebook:~$ ./a.out
We can write to memory location 0
Memory contents: This is a test

marcelo@marcelo-notebook:~$ uname -a
Linux marcelo-notebook 2.6.28-13-generic #45-Ubuntu SMP Tue Jun 30 22:12:12 UTC 2009 x86_64 GNU/Linux
marcelo@marcelo-notebook:~$

]]> By: sharms http://www.sharms.org/blog/2009/07/fun-stuff/comment-page-1/#comment-1294 sharms Fri, 17 Jul 2009 22:03:13 +0000 http://www.sharms.org/blog/?p=524#comment-1294 Brad - Thanks for the info, great find by the way Brad – Thanks for the info, great find by the way

]]> By: spender http://www.sharms.org/blog/2009/07/fun-stuff/comment-page-1/#comment-1293 spender Fri, 17 Jul 2009 21:48:47 +0000 http://www.sharms.org/blog/?p=524#comment-1293 Your results have to do with the SELinux vulnerability I discuss in the exploit and elsewhere (like LWN), not GCC. Both SELinux and the mmap_min_addr protection are implemented using LSM. They each have implement a hook on mmap, but only one of them can be active at a time. SELinux overrides the hook of mmap_min_addr, and then combined with the ridiculous default policy of allowing everyone to mmap at 0, you now have a security system that when enabled is actually making your system open to a large class of kernel vulnerabilities that would otherwise be unexploitable on the default kernel. -Brad Your results have to do with the SELinux vulnerability I discuss in the exploit and elsewhere (like LWN), not GCC. Both SELinux and the mmap_min_addr protection are implemented using LSM. They each have implement a hook on mmap, but only one of them can be active at a time. SELinux overrides the hook of mmap_min_addr, and then combined with the ridiculous default policy of allowing everyone to mmap at 0, you now have a security system that when enabled is actually making your system open to a large class of kernel vulnerabilities that would otherwise be unexploitable on the default kernel.

-Brad

]]>