[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: local root exploit


> Christophe Chisogne a écrit :
> > Vladislav Kurz a écrit :
> > 
> >> mount -t tmpfs tmpfs /dev/shm
> > 
> > With or without that, it fails with
> Oups, I'm sorry, it really works, with /dev/shm mounted :(
> but for about 10% of executions. (yes, 'again' was the keyword)
> > Tested with 2.4.27-1-686 (2004-09-03)
> > compiled with gcc (GCC) 3.3.5 (Debian 1:3.3.5-5)
> > and 2.4.27 kernel headers
> > (-I/usr/src/kernel-source-2.4.27/include/)

I tried this too on a
  Linux **** 2.4.23 #10 SMP Sat Jan 3 15:31:27 CET 2004 i686 GNU/Linux
and a 
  Linux **** 2.4.27 #1 Wed Dec 22 11:28:59 CET 2004 i686 GNU/Linux
machine and it didn't work on either. Even not when trying multiple

I want to warn you because both machines got hurt. Type dmesg and see
that messages like
  __alloc_pages: 0-order allocation failed (gfp=0x1d2/0)
are there. Additionally, and this is more harmful, lines like these
  VM: killing process elflbl
  VM: killing process syslog-ng
  VM: killing process inetd
  VM: killing process nmbd
  VM: killing process bash
show that the memory manager killed some processes to free memory for
elflbl. I'm not sure if this happend when I ran elflbl as root
(accidentially) or as normal user but I guess on both.


Johann Glaser   <Johann.Glaser@gmx.at>
   Vienna University of Technology
       Electrical Engineering
____ http://www.johann-glaser.at/ ____

Reply to: