Re: Clamav

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Saturday 17 April 2010, jdow wrote:
>From: "Sam Sharpe" <lists.redhat@xxxxxxxxxxxxx>
>Sent: Saturday, 2010/April/17 02:09
>
>On 17 April 2010 08:41, jdow <jdow@xxxxxxxxxxxxx> wrote:
>> From: "Patrick O'Callaghan" <pocallaghan@xxxxxxxxx>
>> Sent: Friday, 2010/April/16 22:49
>>
>>> Which of the vulnerabilities discussed on the kernel list is
>>> communicable via an email message in such a way as to compromise the
>>> security of the target system without manual intervention on the part of
>>> its user? Please be specific.
>>
>> Here is a non-LKML reference with a full explanation of the problem:
>> Some background:
>> http://blog.ksplice.com/2010/03/null-pointers-part-i/
>> How to exploit it:
>> http://blog.ksplice.com/2010/04/exploiting-kernel-null-dereferences/
>>
>> The exploit can be delivered through email and introduced into the
>> machine via targeted social engineering. If you can be tricked into
>> allowing it to run, you're toast. ANY means of getting into the
>> machine and having code execute is sufficient to allow the exploit
>> to run within the kernel at kernel privilege.
>
>Read the page more carefully. Particularly the comments.
>
>-------------
>Nelson Elhage says:
>April 13, 2010 at 12:35 pm
>....
>After all the NULL pointer vulnerabilities last year, every major
>distro has now turned mmap_min_addr on by default. So if you need to
>run old DOS programs in Wine you can still change it, but it should be
>much harder to exploit these things by default.
>....
>-------------
>
>-------------
>Nelson Elhage says:
>April 14, 2010 at 9:54 am
>
>Tomoe: I believe that, on recent kernels, SELinux blocks mmap’ing the
>zero page separately from the mmap_min_addr mechanism. You should be
>able to disable this protection for the purposes of experimentation by
>running
>
>setsebool -P mmap_low_allowed 1
>
>as root.
>-------------
>
>--
>Sam
>
><<jdow
>How many people get frustrated with SELinux and simply disable it?
>
>{o.o}
>
Well, here is one, who gave it about a 6 month play last year, determined to 
see if its was actually an every day usable scheme.  But I have things I want 
to do with this machine, and I finally grokked that I was spending more time 
on the selinuix list, fussing about this, and fixing that, from documentation 
that at best can only be described as extremely obtuse, found I was fiddling 
with it more than half the time, and said to hell with it and shut it off and 
got on with my life.  I have a router that supposedly stops the external 
attacks, I don't automatically render html emails and my SA triggers to 
/dev/null at five stars.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
hangover, n.:
	The wrath of grapes.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux