(In reply to comment #18) [...] > There is also a kernel module fix that catches vmsplice calls: > http://home.powertech.no/oystein/ptpatch2008/ > > Makefile and source code worked as is for my 2.6.23.14-115.fc8 x86_64 kernel. > After insmod, execution of the exploit fails: > > $ sudo insmod ptpatch2008.ko > $ dmesg | tail -3 > ptpatch2008: init, (c) 2008 <email address hidden> > ptpatch2008: syscalls ffffffff81270780 > hooked sys_vmsplice > $ ./exploit_test > [...] > [-] vmsplice: Invalid argument > $ dmesg | tail -4 > ptpatch2008: init, (c) 2008 <email address hidden> > ptpatch2008: syscalls ffffffff81270780 > hooked sys_vmsplice > ptpatch2008: possible EXPLOIT attempt by uid 500.
This is perfect for our needs. Can anyone confirm that this patch is safe? I'm afraid my code reviewing days are behind me. :)
-Matt
(In reply to comment #18)home.powertech.no/oystein/ptpatch2008/
[...]
> There is also a kernel module fix that catches vmsplice calls:
> http://
>
> Makefile and source code worked as is for my 2.6.23.14-115.fc8 x86_64 kernel.
> After insmod, execution of the exploit fails:
>
> $ sudo insmod ptpatch2008.ko
> $ dmesg | tail -3
> ptpatch2008: init, (c) 2008 <email address hidden>
> ptpatch2008: syscalls ffffffff81270780
> hooked sys_vmsplice
> $ ./exploit_test
> [...]
> [-] vmsplice: Invalid argument
> $ dmesg | tail -4
> ptpatch2008: init, (c) 2008 <email address hidden>
> ptpatch2008: syscalls ffffffff81270780
> hooked sys_vmsplice
> ptpatch2008: possible EXPLOIT attempt by uid 500.
This is perfect for our needs. Can anyone confirm that this patch is safe? I'm
afraid my code reviewing days are behind me. :)
-Matt