Re: local root exploit
Hi!
> Christophe Chisogne a écrit :
> > Vladislav Kurz a écrit :
> >
> >> mount -t tmpfs tmpfs /dev/shm
> >
> > With or without that, it fails with
>
> Oups, I'm sorry, it really works, with /dev/shm mounted :(
> but for about 10% of executions. (yes, 'again' was the keyword)
>
> > Tested with 2.4.27-1-686 (2004-09-03)
> > compiled with gcc (GCC) 3.3.5 (Debian 1:3.3.5-5)
> > and 2.4.27 kernel headers
> > (-I/usr/src/kernel-source-2.4.27/include/)
I tried this too on a
Linux **** 2.4.23 #10 SMP Sat Jan 3 15:31:27 CET 2004 i686 GNU/Linux
and a
Linux **** 2.4.27 #1 Wed Dec 22 11:28:59 CET 2004 i686 GNU/Linux
machine and it didn't work on either. Even not when trying multiple
times.
I want to warn you because both machines got hurt. Type dmesg and see
that messages like
__alloc_pages: 0-order allocation failed (gfp=0x1d2/0)
are there. Additionally, and this is more harmful, lines like these
VM: killing process elflbl
VM: killing process syslog-ng
VM: killing process inetd
VM: killing process nmbd
VM: killing process bash
show that the memory manager killed some processes to free memory for
elflbl. I'm not sure if this happend when I ran elflbl as root
(accidentially) or as normal user but I guess on both.
Bye
Hansi
--
Johann Glaser <Johann.Glaser@gmx.at>
Vienna University of Technology
Electrical Engineering
____ http://www.johann-glaser.at/ ____
Reply to: