kernel module for chmod restrictions while in securelevel one
or higher
Chris Walker
chris.walker at velocitum.com
Sat Jul 31 16:05:19 UTC 2010
Hi list
#1 Not same exploit referenced in URL.
#2 Not same bug, although you had the function right, sort of.
#3 That kernel module is useless: The exploit in the wild has already changed to bypass such restriction.
#4 The bug is already patched, upgrade your kernel.
#5 If you intend on introducing a kernel module that potentially makes your system unstable, make sure it actually fixes the bug. This workaround merely made the exploit grow more lethal, and provides a FALSE sense of a security, and as such I would *STRONGLY* discourage use of this kernel module.
This is a perfect example of why software developers never ever will be able to fight blackhat hackers: Ignorance.
Thanks.
On Jul 31, 2010, at 2:59 PM, István wrote:
> http://www.securiteam.com/exploits/6P00C00EKO.html
>
> <http://www.securiteam.com/exploits/6P00C00EKO.html>HTH
>
> On Sat, Jul 31, 2010 at 1:41 PM, Kostik Belousov <kostikbel at gmail.com>wrote:
>
>> On Fri, Jul 30, 2010 at 11:18:39PM -0700, Selphie Keller wrote:
>>> Kernel module for chmod restrictions while in securelevel one or higher:
>>> http://gist.github.com/501800 (fbsd 8.x)
>>>
>>> Was looking at the new recent sendfile/mbuf exploit and it was using a
>>> shellcode that calls chmod syscall to make a setuid/setgid binary.
>> However
>> Can you point to the exploit (code) ?
>>
>
>
>
> --
> the sun shines for all
>
> http://l1xl1x.blogspot.com
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
More information about the freebsd-security
mailing list