In association with heise online

'workaround' DOES NOT PREVENT EXPLOIT 17 September 2010 19:41

Workaround does *NOT* work.

I tried the robert_you_suck.c exploit on a 64-bit Debian system
running the latest 2.6.35.4 kernel and it worked.

I then mounted binfmt_misc up and applied the alleged workaround and
the exploit still worked.

I confirmed that with the 'workaround' applied I cannot run a 32-bit
binary, but can run that same binary without the 'workaround'.

The robert_you_suck.c doesn't even compile with -m32, so of course I
compiled it without and got a 64-bit binary that works to exploit
this hole:

$ file robert_you_suck
robert_you_suck: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.8, not
stripped
$ ./robert_you_suck 
resolved symbol commit_creds to 0xffffffff81048cf7
resolved symbol prepare_kernel_cred to 0xffffffff81048bee
mapping at 3f80000000
UID 0, EUID:0 GID:0, EGID:0
