From: Miguel Filipe
To: gentoo-hardened@lists.gentoo.org
Cc: gentoo-security@lists.gentoo.org, grsecurity@grsecurity.net
Subject: [gentoo-security] Re: [gentoo-hardened] about the recent ELF kernel bug
Date: Fri, 13 May 2005 15:42:45 +0100
In-Reply-To: <200505131509.26750.pjvenda@arrakis.dhis.org>
References: <200505131509.26750.pjvenda@arrakis.dhis.org>
Reply-to: gentoo-hardened@lists.gentoo.org
List-Id: Gentoo Linux mail

Hi there,

On 5/13/05, Pedro Venda wrote:
> Hi everyone,
>
> Has anyone got a clue on how the proof of concept code should behave on
> vulnerable and not vulnerable machines?
>
> On a PaX+grsecurity hardened server, it outputs:
>
> [+] ./elfcd1 argv_start=0xb47b23d4 argv_end=0xb47b23dc ESP: 0xb47b1890
> [+] phase 1
> [+] AAAA argv_start=0xb5e0442e argv_end=0xb5e04432 ESP: 0xb5e03930
> [+] phase2, to crash
> Killed
>
> and doesn't core-dump. Also it doesn't warn about the segmentation violation
> process in the logs...
>
> On my laptop, a test server and 2 other workstations (standard 2.6.11.5-8
> kernels) results are consistent but different from the hardened server:
>
> pjlv@archon test $ ./elfcd1
>
> [+] ./elfcd1 argv_start=0xbfffeff7 argv_end=0xbfffefff ESP: 0xbfffedb0
> [+] phase 1
> [+] AAAA argv_start=0xbfff6fee argv_end=0xbfff6ff2 ESP: 0xbfff6e80
> [+] phase 2, to crash
> Segmentation fault (core dumped)
>
> and core-dumps.
>
> any help? is the hardened server secure? I suppose so, since it didn't core
> dump.
>

From what I understood, a core dump doesn't mean the POC worked. But I could be wrong...

> regards,
> pedro venda.
> --
>
> Pedro João Lopes Venda
> email: pjvenda < at > arrakis.dhis.org
> http://arrakis.dhis.org
>
>

best regards, and hugs to you pj! :-p

--
Miguel Sousa Filipe

--
gentoo-security@gentoo.org mailing list

--
gentoo-hardened@gentoo.org mailing list
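The two outputs in the thread differ only in how the child process was terminated: "Killed" is the shell's message for a process that died by SIGKILL, which by definition never leaves a core, while "Segmentation fault (core dumped)" is a SIGSEGV death with a core written. Neither message by itself says whether the kernel bug was triggered. The harness below, an added example written for this page and not code from the thread or from the elfcd1 PoC (which is not included; the name `crashwatch.c` and the `./elfcd1` invocation are assumptions), runs a program under fork/waitpid and decodes the wait status so the termination can be read off precisely instead of inferred from the shell's one-liner.

```c
/* crashwatch.c: run a program and report exactly how it terminated.
 * Added example for this thread; it is not the elfcd1 PoC and not code
 * from the original mail. It only decodes the wait(2) status, so it
 * makes no claim about whether the kernel is vulnerable: a child that
 * dies by SIGSEGV (with or without a core) or by SIGKILL has in both
 * cases been terminated by the kernel, and that is all the shell's
 * "Killed" / "Segmentation fault (core dumped)" lines tell you.
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef WCOREDUMP
/* glibc hides this BSD macro under strict -std= flags; Linux encoding. */
#define WCOREDUMP(s) (((s) & 0x80) != 0)
#endif

enum outcome {
    OUT_EXITED,        /* normal exit */
    OUT_SIGKILL,       /* "Killed": no core is ever written for SIGKILL */
    OUT_SEGV_CORE,     /* "Segmentation fault (core dumped)" */
    OUT_SEGV_NOCORE,   /* SIGSEGV but no core (e.g. ulimit -c 0) */
    OUT_OTHER_SIGNAL,  /* any other fatal signal */
    OUT_ERROR = -1     /* fork/exec/wait failed */
};

/* Map a raw wait status (as filled in by waitpid) to an outcome. */
enum outcome classify(int status)
{
    if (WIFEXITED(status))
        return OUT_EXITED;
    if (WIFSIGNALED(status)) {
        int sig = WTERMSIG(status);
        if (sig == SIGKILL)
            return OUT_SIGKILL;
        if (sig == SIGSEGV)
            return WCOREDUMP(status) ? OUT_SEGV_CORE : OUT_SEGV_NOCORE;
        return OUT_OTHER_SIGNAL;
    }
    return OUT_OTHER_SIGNAL;   /* stopped/continued: not expected here */
}

const char *describe(enum outcome o)
{
    switch (o) {
    case OUT_EXITED:       return "exited normally";
    case OUT_SIGKILL:      return "killed by SIGKILL (no core possible)";
    case OUT_SEGV_CORE:    return "SIGSEGV, core dumped";
    case OUT_SEGV_NOCORE:  return "SIGSEGV, no core written";
    case OUT_OTHER_SIGNAL: return "terminated by another signal";
    default:               return "could not run";
    }
}

/* fork/exec argv[] and classify how the child ended. */
enum outcome run_and_classify(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return OUT_ERROR;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);            /* exec failed; parent sees a normal exit */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return OUT_ERROR;
    return classify(status);
}

/* Self-check: a child that kills itself with `sig`, so the decoding can
 * be exercised without any PoC binary present. */
enum outcome simulate_death(int sig)
{
    pid_t pid = fork();
    if (pid < 0)
        return OUT_ERROR;
    if (pid == 0) {
        signal(sig, SIG_DFL);  /* ensure the default (fatal) action applies */
        raise(sig);
        _exit(0);              /* only reached if the signal was not fatal */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return OUT_ERROR;
    return classify(status);
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s ./elfcd1 [args...]\n", argv[0]);
        return 2;
    }
    enum outcome o = run_and_classify(argv + 1);
    printf("%s: %s\n", argv[1], describe(o));
    return o == OUT_ERROR ? 1 : 0;
}
```

Run it as `./crashwatch ./elfcd1` on each box. On the stock kernels in the thread you would expect "SIGSEGV, core dumped" (or "no core written" if `ulimit -c` is 0, which is why the presence of a core file on its own is not a useful signal), and on the hardened server "killed by SIGKILL". Whether the kernel bug itself was reached is a separate question that has to be answered from the kernel version and the fix, not from the child's death message.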