Feb 12, 2008

KERNEXEC vs CVE-2008-0600

Besides ensuring, through access control, rudimentary Unix permissions and TPE (Trusted Path Execution), that no untrusted user can execute arbitrary files, PaX is effective in defeating some kernel exploits.

PaX KERNEXEC is enough to mitigate the recently disclosed vmsplice() vulnerability, CVE-2008-0600. The exploit is reported to work since Linux 2.6.17.

Here's the exploit run on 2.6.24.1 (screenshot).

I patched the kernel with PaX without Grsec and activated the following:

  • CONFIG_PAX
  • CONFIG_PAX_NOEXEC
  • CONFIG_PAX_KERNEXEC

Now the same exploit run on 2.6.24.1-PaX (screenshot).
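As an added check that is not part of the original post or of PaX itself, the script below tells you whether a kernel release falls in the range the post names as affected (2.6.17 and later) and whether its .config carries the three options listed above; the .config it inspects is a constructed sample, and the paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the post or PaX): check a kernel release string
# against the affected range for CVE-2008-0600 (2.6.17 and later) and a
# .config for the three PaX options the post enabled. Sample .config is constructed.
# True (0) when version $1 >= version $2; suffixes such as "-PaX" are
# stripped and numeric components compare left to right.
version_ge() {
    v1=${1%%[!0-9.]*}; v2=${2%%[!0-9.]*}
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        a=${v1%%.*}; b=${v2%%.*}
        [ "$v1" = "$a" ] && v1='' || v1=${v1#*.}
        [ "$v2" = "$b" ] && v2='' || v2=${v2#*.}
        [ "${a:-0}" -gt "${b:-0}" ] && return 0
        [ "${a:-0}" -lt "${b:-0}" ] && return 1
    done
    return 0
}

# True (0) when option $1 is built in (=y) in config file $2.
config_enabled() {
    grep -q "^$1=y\$" "$2"
}

# Print the state of the three options from the post; true (0) only if all are set.
pax_status() {
    rc=0
    for opt in CONFIG_PAX CONFIG_PAX_NOEXEC CONFIG_PAX_KERNEXEC; do
        if config_enabled "$opt" "$1"; then echo "$opt=y"
        else echo "$opt not set"; rc=1; fi
    done
    return $rc
}

# Verdict for release $1 with config $2: true (0) when the kernel is
# outside the affected range or KERNEXEC is on, false (1) otherwise.
assess() {
    if ! version_ge "$1" 2.6.17; then echo "$1: before 2.6.17"; return 0; fi
    if config_enabled CONFIG_PAX_KERNEXEC "$2"; then
        echo "$1: in affected range, KERNEXEC enabled"; return 0
    fi
    echo "$1: in affected range, KERNEXEC not enabled"; return 1
}

# Constructed sample .config (PaX on, KERNEXEC deliberately left off).
SAMPLE_CFG=$(mktemp); trap 'rm -f "$SAMPLE_CFG"' EXIT
printf '%s\n' 'CONFIG_PAX=y' 'CONFIG_PAX_NOEXEC=y' \
    '# CONFIG_PAX_KERNEXEC is not set' > "$SAMPLE_CFG"
pax_status "$SAMPLE_CFG" || true
assess "2.6.24.1" "$SAMPLE_CFG" || true
```

On a live system, point `assess` at `$(uname -r)` and `/boot/config-$(uname -r)` (or a decompressed `/proc/config.gz`).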

Thanks to the PaX Team.
