On Saturday 17 April 2010, jdow wrote:
>From: "Sam Sharpe" <lists.redhat@xxxxxxxxxxxxx>
>Sent: Saturday, 2010/April/17 02:09
>
>On 17 April 2010 08:41, jdow <jdow@xxxxxxxxxxxxx> wrote:
>> From: "Patrick O'Callaghan" <pocallaghan@xxxxxxxxx>
>> Sent: Friday, 2010/April/16 22:49
>>
>>> Which of the vulnerabilities discussed on the kernel list is
>>> communicable via an email message in such a way as to compromise the
>>> security of the target system without manual intervention on the part of
>>> its user? Please be specific.
>>
>> Here is a non-LKML reference with a full explanation of the problem:
>> Some background:
>> http://blog.ksplice.com/2010/03/null-pointers-part-i/
>> How to exploit it:
>> http://blog.ksplice.com/2010/04/exploiting-kernel-null-dereferences/
>>
>> The exploit can be delivered through email and introduced into the
>> machine via targeted social engineering. If you can be tricked into
>> allowing it to run, you're toast. ANY means of getting into the
>> machine and having code execute is sufficient to allow the exploit
>> to run within the kernel at kernel privilege.
>
>Read the page more carefully. Particularly the comments.
>
>-------------
>Nelson Elhage says:
>April 13, 2010 at 12:35 pm
>....
>After all the NULL pointer vulnerabilities last year, every major
>distro has now turned mmap_min_addr on by default. So if you need to
>run old DOS programs in Wine you can still change it, but it should be
>much harder to exploit these things by default.
>....
>-------------
>
>-------------
>Nelson Elhage says:
>April 14, 2010 at 9:54 am
>
>Tomoe: I believe that, on recent kernels, SELinux blocks mmap’ing the
>zero page separately from the mmap_min_addr mechanism. You should be
>able to disable this protection for the purposes of experimentation by
>running
>
>setsebool -P mmap_low_allowed 1
>
>as root.
>-------------
>
>--
>Sam
>
><<jdow
>How many people get frustrated with SELinux and simply disable it?
>
>{o.o}
>
Well, here is one, who gave it about a 6 month play last year, determined
to see if it was actually an everyday usable scheme. But I have things I
want to do with this machine, and I finally grokked that I was spending
more time on the selinux list, fussing about this, and fixing that, from
documentation that at best can only be described as extremely obtuse, found
I was fiddling with it more than half the time, and said to hell with it and
shut it off and got on with my life.

I have a router that supposedly stops the external attacks, I don't
automatically render html emails and my SA triggers to /dev/null at five
stars.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)

hangover, n.:
	The wrath of grapes.
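
Added example, not part of the thread: a coarse host audit of the two separate protections named in the quoted blog comments, vm.mmap_min_addr and the SELinux mmap_low_allowed boolean, so a machine with SELinux switched off can still confirm the sysctl layer is in place. The function names, the verdict words and treating an unreadable mmap_min_addr as 0 are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report which of the two zero-page
# mapping protections discussed above is active on this host.

# classify_low_mmap MIN_ADDR SELINUX_MODE BOOL_STATE
#   MIN_ADDR      value of vm.mmap_min_addr (decimal)
#   SELINUX_MODE  Enforcing | Permissive | Disabled   (getenforce output)
#   BOOL_STATE    on | off | unknown                  (mmap_low_allowed)
# Prints one verdict: both, sysctl-only, selinux-only or unprotected.
classify_low_mmap() {
    min_addr=$1; mode=$2; bool=$3
    sysctl_ok=no; selinux_ok=no
    # Assumption: a missing or non-numeric value counts as 0 (fail closed).
    case $min_addr in ''|*[!0-9]*) min_addr=0 ;; esac
    [ "$min_addr" -gt 0 ] && sysctl_ok=yes
    # SELinux only blocks low mappings when it is enforcing and the
    # boolean has not been switched on; permissive mode merely logs.
    [ "$mode" = Enforcing ] && [ "$bool" = off ] && selinux_ok=yes
    case $sysctl_ok$selinux_ok in
        yesyes) echo both ;;
        yesno)  echo sysctl-only ;;
        noyes)  echo selinux-only ;;
        *)      echo unprotected ;;
    esac
}

# Collect the live values, falling back when the SELinux tools are absent.
audit_host() {
    min_addr=$(cat /proc/sys/vm/mmap_min_addr 2>/dev/null || echo 0)
    mode=$(getenforce 2>/dev/null || echo Disabled)
    # getsebool prints "mmap_low_allowed --> off"; the state is field 3.
    bool=$(getsebool mmap_low_allowed 2>/dev/null | awk '{print $3}')
    classify_low_mmap "$min_addr" "$mode" "${bool:-unknown}"
}

audit_host
```

A verdict of sysctl-only is what a host with SELinux disabled should show if the distribution default for mmap_min_addr is still in effect.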