/proc exploit

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

/proc exploit

Postby giany » Mon Jul 17, 2006 1:08 am

Ok now it really hurts!

$ ./sh public_html/Linux.tar

preparing
trying to exploit public_html/Linux.tar

sh-3.1# id
uid=0(root) gid=100(users) groups=100(users),103(su)
sh-3.1# uname -a
Linux * 2.6.17.4-grsec #3 Thu Jul 13 14:43:14 EEST 2006 i686 athlon-4 i386 GNU/Linux
sh-3.1#

http://www.securityfocus.com/bid/18992/info
Any fix for this? Does grsec work on 2.6.17.5?
giany
 
Posts: 3
Joined: Wed Jul 12, 2006 4:11 pm

Postby ralphy » Mon Jul 17, 2006 5:59 am

fixed in latest .5 i'm pretty sure. hotfix entails

mount -o remount,nosuid /proc
ralphy
 
Posts: 52
Joined: Wed Jan 11, 2006 12:51 pm


Return to grsecurity support

cron