Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable

[Marcus Meissner <meissner () suse de>]

On Mon, Jul 20, 2009 at 03:29:09PM +0400, Solar Designer wrote:
> Marcus,
>
> On Mon, Jul 20, 2009 at 12:01:47PM +0200, Marcus Meissner wrote:
> > - fixed the personality - PER_CLEAR_ON_SETTID inheritance issue (CVE-2009-1895)
> >   to work around mmap_min_addr protection.
> >   Affects 2.6.23-2.6.30.1
>
> What makes you think this does not affect earlier kernels?  This does
> not match my analysis, but maybe I am missing something, hence I ask.
>
> BTW, as you're aware, this fix is a hardening measure for/against
> SUID-root programs with a certain class of design errors in them; it is
> not exactly a fix for the kernel itself, although it should be in the
> kernel.  I do not mean to downplay the issue, but I think it is
> important that we distinguish the different types of changes that we are
> making in response to Brad's exploit.

Foremost, the mmap_min_addr protection is not in older kernels (<2.6.23) at all,
so its kinda "not implemented" instead of "bug".

Ciao, Marcus