[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [suse-security] ulimit -v workaround for the do_brk() bug does not work

To: erik@xxxxxxxxxxx
Subject: RE: [suse-security] ulimit -v workaround for the do_brk() bug does not work
From: GarUlbricht7@xxxxxxxxxxxx
Date: Wed, 03 Dec 2003 17:22:36 -0500
Cc: suse-security@xxxxxxxx
Delivered-to: mailing list suse-security@xxxxxxxx
Delivery-date: Wed, 03 Dec 2003 23:28:40 +0100
Envelope-to: suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm

Erik Hensema <erik@xxxxxxxxxxx> wrote:
>
> Hi,
>
> Maybe this has been discussed earlier today on this list, 
> but I've just joined it.
>
> I was told that doing a 'limit -v 2097151' would work around 
> the do_brk() bug. Unfortunately it does not :-(
>
> The sample exploit posted on bugtraq manages to reboot 
> my SuSE 8.2 machine (standard kernel) despite the ulimit.
>
>-- 
> Erik Hensema (erik@xxxxxxxxxxx)
>

Hi Erik,

Roman in hiw original post suggested two other things
needed to be done to install this work around:

Add the line 

    ulimit -v 2097151    

as the second lines of /etc/init.d/rc and /etc/profile, 

and then execute the command itself in your shell 

and then restart all daemons that allow logins 
(xdm, sshd, inetd/xinetd, ...). 

Alternatively, simply reboot after adding the lines to above files:
Roman said this workaround is Courtesy of Solar Designer.  

(Note: The reboot is in lieu of restarting 
all daemons and not the editing of /etc/init.d/rc and /etc/profile.)

Further Note:  the above limit -v # was changed to reflect
Roaman's second post.)

It would be best to Read, the entire thread 
"RE: [suse-security] Bugs on Kernel 2.4" at:
http://lists.suse.com/archive/suse-security/2003-Dec/ 

Redhat has already put up their patch rpm,

I suspect SuSe's will be up soon, making this work around moot.

Hope this helps,
Gar

-- 
     In the Beginning was the Command Line 
                       ---Neal Stephenson 

-- 

__________________________________________________________________
McAfee VirusScan Online from the Netscape Network.
Comprehensive protection for your entire computer. Get your free trial today!
http://channels.netscape.com/ns/computing/mcafee/index.jsp?promo=393397

Get AOL Instant Messenger 5.1 free of charge.  Download Now!
http://aim.aol.com/aimnew/Aim/register.adp?promo=380455

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Follow-Ups:
- Re: [suse-security] ulimit -v workaround for the do_brk() bug does not work
  - From: Erik Hensema

Prev by Date: Re: [suse-security] Crackers Trap tool/project
Next by Date: Re: [suse-security] suse 8.1 : ptrace exploit still working fine!?MAybe sligthly OT.
Previous by thread: [suse-security] ulimit -v workaround for the do_brk() bug does not work
Next by thread: Re: [suse-security] ulimit -v workaround for the do_brk() bug does not work
Index(es):
- Date
- Thread