On 12/05/14 22:11, Keith Keller wrote:
On 2014-05-12, Akemi Yagi amyagi@gmail.com wrote:
According to the upstream BZ 1094232, there is a patch from kernel.org:
https://git.kernel.org/cgit/linux/kernel/git/gregkh/tty.git/commit/?h=tty-li...
Actually, I was wondering about mitigation along the lines of blacklisting a module, tuning a sysctl parameter, or some other mitigation that wouldn't require a new kernel. Perhaps such mitigation isn't even possible with this issue.
--keith
Not specific to this issue, but you might like to look at TPE (kmod-tpe) available at elrepo.org.
http://elrepo.org/tiki/kmod-tpe
Trusted Path Execution (TPE) is a kernel module that prevents users from executing programs that are not owned by root, or are writable. This effectively blocks users (or compromised accounts) from executing code to exploit vulnerabilities such as this.
For example, taken from the README:
* Trusted Path Execution; deny execution of non-root owned or writable binaries
$ gcc -o exploit exploit.c $ chmod 755 exploit $ ./exploit -bash: ./exploit: Permission denied
$ dmesg | tail -n1 [tpe] Denied untrusted exec of /home/corey/exploit (uid:500) by /bin/bash (uid:500), parents: /usr/sbin/sshd (uid:500), /usr/sbin/sshd (uid:0), /sbin/init (uid:0). Deny reason: directory uid not trusted