Hi list #1 Not same exploit referenced in URL. #2 Not same bug, although you had the function right, sort of. #3 That kernel module is useless: The exploit in the wild has already changed to bypass such restriction. #4 The bug is already patched, upgrade your kernel. #5 If you intend on introducing a kernel module that potentially makes your system unstable, make sure it actually fixes the bug. This workaround merely made the exploit grow more lethal, and provides a FALSE sense of a security, and as such I would *STRONGLY* discourage use of this kernel module.
This is a perfect example of why software developers never ever will be able to fight blackhat hackers: Ignorance. Thanks. On Jul 31, 2010, at 2:59 PM, István wrote: > http://www.securiteam.com/exploits/6P00C00EKO.html > > <http://www.securiteam.com/exploits/6P00C00EKO.html>HTH > > On Sat, Jul 31, 2010 at 1:41 PM, Kostik Belousov <[email protected]>wrote: > >> On Fri, Jul 30, 2010 at 11:18:39PM -0700, Selphie Keller wrote: >>> Kernel module for chmod restrictions while in securelevel one or higher: >>> http://gist.github.com/501800 (fbsd 8.x) >>> >>> Was looking at the new recent sendfile/mbuf exploit and it was using a >>> shellcode that calls chmod syscall to make a setuid/setgid binary. >> However >> Can you point to the exploit (code) ? >> > > > > -- > the sun shines for all > > http://l1xl1x.blogspot.com > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "[email protected]" > _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
