From: Blaisorblade <bla...@ya...> - 2004-11-03 16:20:18
|
On Wednesday 03 November 2004 00:00, Michael Richardson wrote: > Is there a final patch that you think might work, and deal with the > mm->dumpable flag issue? > I was all set to test the previous patch, but then you said not to... On top of -V7 you can apply the attached patch. I'm almost sure it works. The problem is that I have not the certainty that it is not exploitable, i.e. it can be used to gain access to root privileges. I am almost sure it is not... but please *avoid* using a setuid UML binary with this patch (it is not a good idea, anyway, but it is even worse with this patch. I believe that to exploit it, if at all possible, having a setuid binary which is coded to use SKAS (either UML or a malicious program). -- Paolo Giarrusso, aka Blaisorblade Linux registered user n. 292729 |