> I modified the hotfix so it will also patch compat_sys_vmsplice, which > would be important on amd64 boxen with x86 compatibility enabled.
Once again: The "hotfix" and also your modification are stupid, stupid, stupid and dangerous. The "hotfix" first attempts to try the exploit and this corrupts kernel memory. It is very likely that your system will crash shortly after and numerous people have reported that the "hotfix" just has that result either instantaneous or after a short while. Also while overwriting the vmsplice syscall with a "ret" will prevent the hole from being abused, this will also confuse software which wants to use the vmsplice call. At least one should return with a error. I'm not sure if there is any software in normal use which uses vmsplice but keep this in mind. And finally: If you really really want to use this kind of fix, why don't you just get rid of all the dangerous exploit code and only keep the code from inside the "de_exploit()" function and then call this code as root? This would do the job without causing memory corruption. But the best fix still is to just install a updated kernel and reboot. As said, you will anyway (but at a random time), at least when using this stupid "hotfix" which destroys your kernel memory. There might be systems which cannot be rebooted right now, but i most cases i feel that people who wan't to apply such a hotfix instead of deploying a clean solution are just lazy. Regards Michael -- It's an insane world, but i'm proud to be a part of it. -- Bill Hicks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
