|
Bugtraq
mailing list archives
Re: Hot fix for do_brk bug
From: Goetz Babin-Ebell <babin-ebell () trustcenter de>
Date: Fri, 05 Dec 2003 22:31:27 +0100
Hello Shane,
canon () nersc gov wrote:
I've written a linux kernel module that can be used to hot fix a
Linux system for the bug in do_brk. It scans the
kernel space and replaces jmp and calls to do_brk
to point to a wrapper routine instead. It also maps
the symbol table to point to the wrapper. This only
works on x86 and it has only been tested with RH kernels
2.4.18-27.7.xsmp and 2.4.20-20.7smp. It is quite possible
this could crash or screw-up a system, so use at your own
risk. I've tested the module against the proof of concept code
written and posted by Christophe Devine. The module catches
the exploit and logs the attempt.
It would be less intrusive to the kernel to supply a fixed do_brk()
and replace the do_brk with a jump to your version.
This way you only have to touch one place
in the kernel space (and no guesswork, no modify
of kernel data that might look like a pointer to do_brk()
but is really something else...)
Bye
Goetz
--
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
 By Date 
By Thread
Current thread:
| 
Intro
