Re: Kernel 2.4 ioperm
On Fri, May 23, 2003 at 04:16:22PM +0200, Steffen Schulz wrote:
>
> Am I right that a local User is able to crash the system
> by putting evil data into these mysterious I/O-Ports?
I'm not sure, but I don't *think* that the attacker is free to
choose any target port.
> Is privilege escalation possible?
According to the grsec guys, if you've obtained access to IO
ports, everything is possible.
> Is this exploitable out of a chroot-jail(ssh,postfix)?
Unprivileged processes can't call ioperm() (and jailed programs
are usually unprivileged anyway).
> Are there any workarounds
Remove CAP_SYS_RAWIO from the global capability bounding set.
Then restart your sensitive services.
> or do I have to compile rc3?
Beware, the fix in -rc3 is broken.
The original one is here:
http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/ioport.c@1.2?nav=index.html|ChangeSet@-1d|cset@1.1213
You'll find the fix for the fix here:
http://marc.theaimsgroup.com/?l=linux-kernel&m=105368405504595&w=2
bit,
adam
--
1024D/37B8D989 954B 998A E5F5 BA2A 3622 82DD 54C2 843D 37B8 D989
finger://borso@vekoll.vein.hu | Some days, my soul's confined
http://www.keyserver.net | And out of mind
Sleep forever
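
The workaround described above (drop CAP_SYS_RAWIO from the bounding set, then restart services), as an added example that is not part of the original post. It assumes the 2.4 sysctl file /proc/sys/kernel/cap-bound and the CapEff field of /proc/PID/status; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
CAP_SYS_RAWIO=17    # bit number from <linux/capability.h>

# Print the bounding-set value with CAP_SYS_RAWIO cleared.
# $1: current value as read from cap-bound (signed decimal, e.g. -257).
drop_rawio() {
    echo $(( $1 & ~(1 << $CAP_SYS_RAWIO) ))
}

# Succeed if the hex capability mask in $1 (a CapEff field) has CAP_SYS_RAWIO set.
has_rawio() {
    [ $(( 0x$1 >> $CAP_SYS_RAWIO & 1 )) -eq 1 ]
}

# Lower the bound. Needs root on a real system.
# $1: sysctl file (assumed default: the 2.4 path below).
apply_bound() {
    f=${1:-/proc/sys/kernel/cap-bound}
    cur=$(cat "$f") || return 1
    drop_rawio "$cur" > "$f"
}

# List processes whose effective set still includes CAP_SYS_RAWIO, i.e.
# services started before the bound was lowered and not yet restarted.
# $1: proc root (default /proc); a parameter so a copy can be audited.
audit_rawio() {
    root=${1:-/proc}
    for st in "$root"/[0-9]*/status; do
        [ -r "$st" ] || continue
        eff=$(sed -n 's/^CapEff:[[:space:]]*//p' "$st")
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$st")
        [ -n "$eff" ] && has_rawio "$eff" && echo "${st%/status} $name"
    done
    return 0
}
```

Run `apply_bound` as root, restart the sensitive services, then run `audit_rawio` to see which processes still hold the capability.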