
Re: [DSA 1494-1] Still vulnerable?



* Michel Messerschmidt <lists@michel-messerschmidt.de> wrote:
> On Tue, Feb 12, 2008 at 09:18:30PM +0100, Jens Schüßler wrote:
> > * Florian Weimer <fw@deneb.enyo.de> wrote:
> > > Not in our tests.  Are you sure you're running the new kernel?  What
> > > does "uname -a" say?
> > $uname -a
> > Linux algol 2.6.18+2008-02-12 #1 Tue Feb 12 16:49:10 CET 2008 i686 GNU/Linux
> > 
> > As I said, freshly compiled from the new source package
> 
> You did extract the sources from the new linux-source-*.tar.bz2?

Sure. I even deleted the old /usr/src/linux-2.6.18 directory before I
extracted the new ones.

> How do you build the new image?


make-kpkg --rootcmd fakeroot --append-to-version=+`date --rfc-3339=date` --revision=Custom.5.0 kernel_image

$zcat /usr/share/doc/linux-image-2.6.18+2008-02-12/buildinfo.gz
binutils-2.17-3
dpkg-1.13.25
dpkg-dev-1.13.25
gcc-4.1.1-15
gcc-3.3-base-3.3.6-15
gcc-3.4-base-3.4.6-5
gcc-4.1-4.1.1-21
gcc-4.1-base-4.1.1-21
libc6-2.3.6.ds1-13etch4
libc6-dev-2.3.6.ds1-13etch4
make-3.81-2
perl-5.8.8-7etch1
this was built on a machine with the kernel:
Linux algol 2.6.18+2007-05-13 #1 Sun May 13 14:52:11 CEST 2007 i686 GNU/Linux
using the compiler:
gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)
kernel source package used:
linux-source-2.6.18-2.6.18.dfsg.1-18etch1
applied kernel patches:
> 

At the moment I'm building this kernel once more, after downloading the
source again and doing all the above steps, and will see if I can
reproduce it.

With today's 2.6.22 sources from bpo the whole thing works like it should:
-----------------------------------
 Linux vmsplice Local Root Exploit
 By qaaz
-----------------------------------
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7d8a000 .. 0xb7dbc000
[-] vmsplice: Bad address

