RE: [Full-disclosure] Linux kernel exploit

From: John Jacobs <flamdugen@hotmail.com>
To: dan.j.rosenberg@gmail.com,full-disclosure@lists.grok.org.uk,bugtraq@securityfocus.com
Cc:
Subject: RE: [Full-disclosure] Linux kernel exploit
Date:



> I've included here a proof-of-concept local privilege escalation exploit
> for Linux.  Please read the header for an explanation of what's going
> on.  Without further ado, I present full-nelson.c:

Hello Dan, is this exploitation not mitigated by best practice 
defense-in-depth strategies such as preventing the CAP_SYS_MODULE 
capability or '/sbin/sysctl -w kernel.modules_disabled=1' respectively?
 It seems it'd certainly stop the Econet/Acorn issue.

Curious to hear your input as I fear too many rely solely on errata updates and not a good defense-in-depth approach.

> Happy hacking,
> Dan

Cheers,
John Jacobs
                                     





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.