Re: Clamav

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


From: "Sam Sharpe" <[email protected]>
Sent: Saturday, 2010/April/17 02:09

On 17 April 2010 08:41, jdow <[email protected]> wrote:
> From: "Patrick O'Callaghan" <[email protected]>
> Sent: Friday, 2010/April/16 22:49

>> Which of the vulnerabilities discussed on the kernel list is
>> communicable via an email message in such a way as to compromise the
>> security of the target system without manual intervention on the part of
>> its user? Please be specific.
> Here is a non-LKML reference with a full explanation of the problem:
> Some background:
> How to exploit it:
> The exploit can be delivered through email and introduced into the
> machine via targeted social engineering. If you can be tricked into
> allowing it to run, you're toast. ANY means of getting into the
> machine and having code execute is sufficient to allow the exploit
> to run within the kernel at kernel privilege.

Read the page more carefully. Particularly the comments.

Nelson Elhage says:
April 13, 2010 at 12:35 pm
After all the NULL pointer vulnerabilities last year, every major
distro has now turned mmap_min_addr on by default. So if you need to
run old DOS programs in Wine you can still change it, but it should be
much harder to exploit these things by default.

Nelson Elhage says:
April 14, 2010 at 9:54 am

Tomoe: I believe that, on recent kernels, SELinux blocks mmap’ing the
zero page separately from the mmap_min_addr mechanism. You should be
able to disable this protection for the purposes of experimentation by

setsebool -P mmap_low_allowed 1

as root.


How many people get frustrated with SELinux and simply disable it?


users mailing list
[email protected]
To unsubscribe or change subscription options:

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux