You are not logged in.
- Topics: Active | Unanswered
#1 2009-11-04 16:34:12
- pseudonomous
- Member
- Registered: 2008-04-23
- Posts: 349
Are we vulnarable to the linked security hole?
Hi everybody,
I saw this:
http://www.theregister.co.uk/2009/11/03 … erability/
it describes (rather vaguely) a security flaw in kernels pre-2.6.32-rc5 that apparently allows non-root users to gain root access. It states that distros that properly implement "nmap_min_addr" shouldn't be vulnerable, and states that RHEL is pretty much the only one that doesn't. I was wondering, though, do we implement it? Are we vulnerable?
Offline
#2 2009-11-04 17:02:23
- hbekel
- Member
- Registered: 2008-10-04
- Posts: 311
Re: Are we vulnarable to the linked security hole?
~$> cat /proc/sys/vm/mmap_min_addr
4096
~$> zgrep MMAP_MIN /proc/config.gz
CONFIG_DEFAULT_MMAP_MIN_ADDR=4096You'd be vulnerable only if this was set to 0, so don't worry.
Offline
#3 2009-11-04 18:34:39
- Gen2ly
- Member
- From: Sevierville, TN
- Registered: 2009-03-06
- Posts: 1,529
- Website
Re: Are we vulnarable to the linked security hole?
Yeah, didn't this get introduced in .31? I'm just wondering just how can such a directly-hardware related piece of software can have such and damaging exploit.
Last edited by Gen2ly (2009-11-04 19:30:22)
Setting Up a Scripting Environment | Proud donor to wikipedia - link
Offline
#4 2009-11-04 18:45:56
- tavianator
- Member
- From: Waterloo, ON, Canada
- Registered: 2007-08-21
- Posts: 859
- Website
Re: Are we vulnarable to the linked security hole?
Yeah, didn't this get introduced in .31? I'm just wondering just how can such a directly-hardware related piece of software have such and damaging exploit.
Kernel developers are human too. But I'm assuming the fix will get backported pretty soon. And any security-concious person should have mmap_min_addr set correctly anyway.
Also, RE: mmap_min_addr, the article says
What's more, many administrators are forced to disable the feature so their systems can run developer tools or desktop environments such as Wine.
Which is funny because Wine is not a desktop environment, and it works fine on my box with mmap_min_addr set to 4096.
Offline
#5 2009-11-04 19:44:25
- Gen2ly
- Member
- From: Sevierville, TN
- Registered: 2009-03-06
- Posts: 1,529
- Website
Re: Are we vulnarable to the linked security hole?
Yeah, for something that works 99.99% of the time I'll admit that my statement is disproportional. With computers being so network-integrated now days such security misses seem far more important than 30 new drivers or a new scheduler, however. I particularly have liked the extended releases that both the last kernel and Firefox took because the additional time would allowed for greater churning and both releases came out alot cleaner than would have previously. Just a little disappointed/surprised that within a month of release holes-in-the-wall had been found. Just a coincidence but nags nonetheless.
Last edited by Gen2ly (2009-11-04 19:50:54)
Setting Up a Scripting Environment | Proud donor to wikipedia - link
Offline
#6 2009-11-04 21:01:37
- pseudonomous
- Member
- Registered: 2008-04-23
- Posts: 349
Re: Are we vulnarable to the linked security hole?
~$> cat /proc/sys/vm/mmap_min_addr 4096 ~$> zgrep MMAP_MIN /proc/config.gz CONFIG_DEFAULT_MMAP_MIN_ADDR=4096You'd be vulnerable only if this was set to 0, so don't worry.
Ah, well that's releaving, thanks!
Offline
#7 2009-11-04 21:58:12
- Allan
- Pacman
- From: Brisbane, AU
- Registered: 2007-06-09
- Posts: 11,650
- Website
Re: Are we vulnarable to the linked security hole?
~$> cat /proc/sys/vm/mmap_min_addr 4096 ~$> zgrep MMAP_MIN /proc/config.gz CONFIG_DEFAULT_MMAP_MIN_ADDR=4096You'd be vulnerable only if this was set to 0, so don't worry.
I thought this one was actually vulnerable if this was less than 4K.
Offline