On Fri, May 23, 2003 at 04:16:22PM +0200, Steffen Schulz wrote:
>
> Am I right that a local User is able to crash the system
> by putting evil data into these mysterious I/O-Ports?

I'm not sure, but I don't *think* that the attacker is free to choose any target port.

> Is privilege escalation possible?

According to the grsec guys, if you've obtained access to IO ports, everything is possible.

> Is this exploitable out of a chroot-jail(ssh,postfix)?

Unprivileged processes can't call ioperm() (and jailed programs are usually unprivileged anyway).

> Are there any workarounds

Remove CAP_SYS_RAWIO from the global capability bounding set. Then restart your sensitive services.

> or do I have to compile rc3?

Beware, the fix in -rc3 is broken. The original one is here:
http://linux.bkbits.net:8080/linux-2.4/diffs/arch/i386/kernel/[EMAIL PROTECTED]|[EMAIL PROTECTED]|[EMAIL PROTECTED]

You'll find the fix for the fix here:
http://marc.theaimsgroup.com/?l=linux-kernel&m=105368405504595&w=2

bit,
adam

-- 
1024D/37B8D989 954B 998A E5F5 BA2A 3622 82DD 54C2 843D 37B8 D989
finger://[EMAIL PROTECTED] | Some days, my soul's confined
http://www.keyserver.net | And out of mind
Sleep forever
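
The workaround in the reply above, sketched as an added example that is not part of the original message: the bounding set is applied when a program is exec'd, so processes started earlier keep CAP_SYS_RAWIO until they are restarted, and the audit below finds them. Assumptions: the 2.4-era sysctl `/proc/sys/kernel/cap-bound` holds the bounding set as a decimal integer, `-257` is its current value, and the `/proc/PID/status` lines are a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original message).
# CAP_SYS_RAWIO is capability number 17 in <linux/capability.h>.
CAP_SYS_RAWIO=17

# new_cap_bound CURRENT: print the bounding-set value (decimal, as the
# kernel prints it) with the CAP_SYS_RAWIO bit cleared.
new_cap_bound() {
    echo $(( $1 & ~(1 << $CAP_SYS_RAWIO) ))
}

# has_rawio HEXMASK: succeed if the mask (as in CapEff:) has the bit set.
has_rawio() {
    [ $(( (0x$1 >> $CAP_SYS_RAWIO) & 1 )) -eq 1 ]
}

# audit_status: read /proc/PID/status text on stdin and print "PID NAME"
# for every process whose effective set still contains CAP_SYS_RAWIO.
audit_status() {
    name= pid=
    while read -r key val rest; do
        case $key in
            Name:)   name=$val ;;
            Pid:)    pid=$val ;;
            CapEff:) if has_rawio "$val"; then echo "$pid $name"; fi ;;
        esac
    done
}

# Constructed sample: sshd was started before the bound was lowered,
# master (postfix) was restarted afterwards, bash is an ordinary user shell.
sample_status() {
    cat <<'EOF'
Name:   sshd
Pid:    412
CapEff: 00000000fffffeff
Name:   master
Pid:    530
CapEff: 00000000fffdfeff
Name:   bash
Pid:    1001
CapEff: 0000000000000000
EOF
}

new_cap_bound -257              # -257 is the assumed current value
sample_status | audit_status    # lists services that still need a restart
# Live system: for f in /proc/[0-9]*/status; do audit_status < "$f"; done
```

The value printed by `new_cap_bound` is what would be written to the sysctl as root; any process the audit still lists afterwards was started before the change.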