by fonya » Thu Apr 20, 2006 6:46 am
Is this working with a 2.6.X kernel, or is my glibc version the "problem"? With or without the grsec patch, the results are the same:
./a.out
# Return into libc exploit by Adam Simuntis <adam (at) pinkhat (dot) org [email concealed]> |an example|
# Gathering info..
LIBC: 2.3.90-development
- got sysname: Linux 2.6.14.7-fpatch-8.14
- got system() addr: 0x51446d77
- got /bin/sh addr: 0x5152c3bc
~ system() - offset @: 0x51442d77
~ /bin/sh - offset @: 0x515283bc
# Warning: Libc version 2.3.90 was not tested. Program may not work correctly.
# Press enter to proceed attack or ctrl+c to cancel.
# Bypassing grsecurity protection
~ wait for shell
....
# Exploit failed. (resources)
# Exploit failed. (resources)
# Exploit failed. (resources)
# Exploit failed. (resources)
# Exploit failed. (resources)
# Exploit failed. (resources)
# Exploit failed. (resources)
... and so on.
And with the grsec patch, dmesg said:
grsec: From X.X.X.X: failed fork with errno -11 by /../../a.out[a.out:101] uid/euid:2/2 gid/egid:2/2, parent /../../a.out[a.out:11848] uid/euid:2/2 gid/egid:2/2
grsec: From X.X.X.X: denied resource overstep by requesting 8191 for RLIMIT_NPROC against limit 8191 for /../../a.out[a.out:23916] uid/euid:2/2 gid/egid:2/2, parent /../../a.out[a.out:11848] uid/euid:2/2 gid/egid:2/2
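The two dmesg lines above are the defender-side record of what happened: the kernel refused the fork with errno -11 (EAGAIN) and grsec logged that the process had hit its RLIMIT_NPROC ceiling. The following parser and detector is an added example written for this page; it is not code from the post, from grsecurity, or from the exploit mentioned. It assumes that other grsec kernel messages carry the same "by/for <path>[<comm>:<pid>] uid/euid:.. gid/egid:.., parent ..." trailer as the two quoted lines, which is an assumption about the format, not something the post states. The sample log embeds the two lines from the post plus one constructed RLIMIT_NOFILE line for a different uid to show that unrelated resource denials are not flagged.

```python
import errno
import re
from collections import Counter

# Field layout of a grsec kernel log line, inferred from the two dmesg lines quoted
# in the post. Assumption: other grsec event types end with the same trailer.
# search() is used so a leading "[12345.678] " dmesg timestamp does not matter.
GRSEC_RE = re.compile(
    r"grsec: From (?P<src>\S+): (?P<event>.+?) (?:by|for) "
    r"(?P<path>\S+?)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+) gid/egid:(?P<gid>\d+)/(?P<egid>\d+), "
    r"parent (?P<ppath>\S+?)\[(?P<pcomm>[^:\]]+):(?P<ppid>\d+)\] "
    r"uid/euid:(?P<puid>\d+)/(?P<peuid>\d+) gid/egid:(?P<pgid>\d+)/(?P<pegid>\d+)"
)
FORK_RE = re.compile(r"^failed fork with errno (?P<errno>-?\d+)$")
RLIMIT_RE = re.compile(
    r"^denied resource overstep by requesting (?P<requested>\d+) "
    r"for (?P<resource>\w+) against limit (?P<limit>\d+)$"
)

# Constructed sample log: lines 1 and 2 are the ones quoted in the post (X.X.X.X kept
# as written there); line 3 is a made-up RLIMIT_NOFILE denial for an unrelated uid;
# line 4 is an ordinary non-grsec message that the parser must ignore.
SAMPLE_LOG = [
    "grsec: From X.X.X.X: failed fork with errno -11 by /../../a.out[a.out:101] "
    "uid/euid:2/2 gid/egid:2/2, parent /../../a.out[a.out:11848] uid/euid:2/2 gid/egid:2/2",
    "grsec: From X.X.X.X: denied resource overstep by requesting 8191 for RLIMIT_NPROC "
    "against limit 8191 for /../../a.out[a.out:23916] uid/euid:2/2 gid/egid:2/2, "
    "parent /../../a.out[a.out:11848] uid/euid:2/2 gid/egid:2/2",
    "grsec: From X.X.X.X: denied resource overstep by requesting 4096 for RLIMIT_NOFILE "
    "against limit 1024 for /usr/bin/example[example:555] uid/euid:1000/1000 "
    "gid/egid:1000/1000, parent /bin/sh[sh:500] uid/euid:1000/1000 gid/egid:1000/1000",
    "eth0: link up",
]


def parse_grsec_line(line):
    """Parse one grsec log line into a dict, or return None if it is not one."""
    m = GRSEC_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for k in ("pid", "uid", "euid", "gid", "egid", "ppid", "puid", "peuid", "pgid", "pegid"):
        rec[k] = int(rec[k])
    rec["kind"] = "other"
    fm = FORK_RE.match(rec["event"])
    if fm:
        rec["kind"] = "failed_fork"
        # grsec prints the kernel's negative errno; abs() gives the userspace value (11 == EAGAIN)
        rec["errno"] = abs(int(fm.group("errno")))
        rec["errname"] = errno.errorcode.get(rec["errno"], "?")
    rm = RLIMIT_RE.match(rec["event"])
    if rm:
        rec["kind"] = "rlimit_denied"
        rec["resource"] = rm.group("resource")
        rec["requested"] = int(rm.group("requested"))
        rec["limit"] = int(rm.group("limit"))
    return rec


def find_nproc_exhaustion(lines, min_fork_failures=1):
    """Correlate RLIMIT_NPROC denials with EAGAIN fork failures from the same uid/parent.

    The pair "failed fork with errno -11" + "RLIMIT_NPROC against limit N" from one parent
    is the signature of a process tree that forked until the per-user process cap.
    """
    records = [r for r in map(parse_grsec_line, lines) if r]
    fork_failures = Counter()
    nproc_denials = {}
    for r in records:
        key = (r["uid"], r["ppid"], r["ppath"])
        if r["kind"] == "failed_fork" and r["errno"] == errno.EAGAIN:
            fork_failures[key] += 1
        elif r["kind"] == "rlimit_denied" and r["resource"] == "RLIMIT_NPROC":
            nproc_denials[key] = r  # keep the latest denial per parent
    alerts = []
    for (uid, ppid, ppath), r in nproc_denials.items():
        if fork_failures[(uid, ppid, ppath)] >= min_fork_failures:
            alerts.append({
                "uid": uid,
                "parent_pid": ppid,
                "parent_path": ppath,
                "limit": r["limit"],
                "requested": r["requested"],
                "fork_failures": fork_failures[(uid, ppid, ppath)],
            })
    return alerts


if __name__ == "__main__":
    for alert in find_nproc_exhaustion(SAMPLE_LOG):
        print("RLIMIT_NPROC exhaustion:", alert)
```

Feeding the output of `dmesg` or the kernel log into `find_nproc_exhaustion` line by line gives one alert per (uid, parent process) that both hit the RLIMIT_NPROC ceiling and had forks refused with EAGAIN; the unrelated RLIMIT_NOFILE line parses fine but produces no alert, which is the behaviour you want when the same log also carries ordinary resource denials.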