
Bug#464953: Amd64 hotfix



> I modified the hotfix so it will also patch compat_sys_vmsplice, which 
> would be important on amd64 boxen with x86 compatibility enabled.

Once again: The "hotfix" and also your modification are stupid, stupid,
stupid and dangerous. The "hotfix" first attempts to try the exploit and
this corrupts kernel memory. It is very likely that your system will
crash shortly after, and numerous people have reported that the "hotfix"
just has that result, either instantaneously or after a short while.

Also, while overwriting the vmsplice syscall with a "ret" will prevent
the hole from being abused, this will also confuse software which wants
to use the vmsplice call. At least one should return with an error. I'm
not sure if there is any software in normal use which uses vmsplice, but
keep this in mind.

And finally: If you really really want to use this kind of fix, why
don't you just get rid of all the dangerous exploit code and only keep
the code from inside the "de_exploit()" function and then call this
code as root? This would do the job without causing memory corruption.

But the best fix still is to just install an updated kernel and reboot.
As said, you will anyway (but at a random time), at least when using
this stupid "hotfix" which destroys your kernel memory. There might be
systems which cannot be rebooted right now, but in most cases I feel
that people who want to apply such a hotfix instead of deploying a
clean solution are just lazy.


Regards
Michael

-- 
It's an insane world, but I'm proud to be a part of it. -- Bill Hicks

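The distinction drawn above, between a vmsplice entry silently stubbed out with a "ret" and one that refuses the call with an error, can be observed from userspace. The following C program is an added example, not code from the bug report or from any Debian package: it pushes a constructed buffer through vmsplice() into a non-blocking pipe and classifies the kernel's answer; the enum and function names are my own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/uio.h>
#include <unistd.h>

/* How the running kernel answers a vmsplice() call. */
enum vmsplice_state {
    VMSPLICE_WORKS,    /* data arrived in the pipe as documented */
    VMSPLICE_ERROR,    /* call refused with an errno (ENOSYS, EPERM, ...) */
    VMSPLICE_STUBBED,  /* "success" but nothing moved: a silent no-op entry */
    VMSPLICE_UNKNOWN   /* pipe setup failed; nothing can be concluded */
};

/* Splice a constructed sample into a non-blocking pipe and read it back.
 * A real implementation returns the byte count and the data is readable;
 * a refused call returns -1; a syscall entry replaced by a bare "ret"
 * returns without an error yet leaves the pipe empty. */
static enum vmsplice_state probe_vmsplice(void)
{
    static const char sample[] = "vmsplice-probe-payload";  /* constructed */
    char readback[sizeof sample];
    int fds[2];
    enum vmsplice_state state;

    if (pipe2(fds, O_NONBLOCK) != 0)
        return VMSPLICE_UNKNOWN;

    struct iovec iov = { .iov_base = (void *)sample, .iov_len = sizeof sample };
    ssize_t pushed = vmsplice(fds[1], &iov, 1, 0);

    if (pushed < 0) {
        state = VMSPLICE_ERROR;           /* kernel or seccomp said no, loudly */
    } else {
        ssize_t got = read(fds[0], readback, sizeof readback);  /* EAGAIN if empty */
        if (got == (ssize_t)sizeof sample && memcmp(readback, sample, sizeof sample) == 0)
            state = VMSPLICE_WORKS;
        else
            state = VMSPLICE_STUBBED;     /* returned "ok" but moved no data */
    }
    close(fds[0]);
    close(fds[1]);
    return state;
}

int main(void)
{
    static const char *names[] = { "works", "refused with error", "stubbed (silent no-op)", "unknown" };
    printf("vmsplice: %s\n", names[probe_vmsplice()]);
    return 0;
}
```

On a kernel with the real fix or with vmsplice disabled properly, the probe never reports the stubbed state.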

