Re: [DSA 1494-1] Still vulnerable?

From: Jens Schüßler <jgs(at)trash.net>
Date: Tue Feb 12 2008 - 16:25:02 EST

• Michel Messerschmidt <lists@michel-messerschmidt.de> wrote:
  > On Tue, Feb 12, 2008 at 09:18:30PM +0100, Jens Schüßler wrote:
  > > * Florian Weimer <fw@deneb.enyo.de> wrote:
  > > > Not in our tests. Are you sure you're running the new kernel? What
  > > > does "uname -a" say?
  > > $uname -a
  > > Linux algol 2.6.18+2008-02-12 #1 Tue Feb 12 16:49:10 CET 2008 i686 GNU/Linux
  > >
  > > As I said, fresh compiled from the new sources-Packet
  >
  > You did extract the sources from the new linux-source-*.tar.bz2 ?
  

Sure. I even deleted the old /usr/src/linux-2.6.18 directory before I extracted the new ones.

> How do you build the new image?

make-kpkg --rootcmd fakeroot --append-to-version=+`date / --rfc-3339=date` --revision=Custom.5.0 kernel_image

$zcat /usr/share/doc/linux-image-2.6.18+2008-02-12/buildinfo.gz binutils-2.17-3
dpkg-1.13.25
dpkg-dev-1.13.25

gcc-4.1.1-15
gcc-3.3-base-3.3.6-15
gcc-3.4-base-3.4.6-5
gcc-4.1-4.1.1-21
gcc-4.1-base-4.1.1-21

libc6-2.3.6.ds1-13etch4
libc6-dev-2.3.6.ds1-13etch4
make-3.81-2
perl-5.8.8-7etch1
this was built on a machine with the kernel: Linux algol 2.6.18+2007-05-13 #1 Sun May 13 14:52:11 CEST 2007 i686 GNU/Linux using the compiler:
gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21) kernel source package used:
linux-source-2.6.18-2.6.18.dfsg.1-18etch1 applied kernel patches:
>

At the moment I'm building this kernel once more, after downloading the source again and doing all the above steps and see if I can reproduce it.

With todays 2.6.22 sources from bpo the whole thin works like it should

---

 Linux vmsplice Local Root Exploit
 By qaaz

---

[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7d8a000 .. 0xb7dbc000
[-] vmsplice: Bad address

Received on Tue Feb 12 16:26:36 2008