A quick note on a temporary workaround for the Linux compat vulns (intended for 64-bit production systems that are already live; if you are deploying a new system, update the kernel code first).
Hat tip to Wojciech Purczynski.
For more background on this issue, continue reading below…
kernel git commit: compat: Make compat_alloc_user_space() incorporate the access_ok()
Red Hat Bug 634457 – (CVE-2010-3081) CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow
Documentation: binfmt_misc.txt
Workaround for Ac1db1tch3z exploit.
# If you are sure the live 64-bit system does not need to run 32-bit programs, you can effectively switch off 32-bit compatibility by redirecting 32-bit ELF execution,
# and put the command in /etc/rc.local. If 32-bit programs must still run, this method does not apply.
# echo ':32bits:M:0:\x7fELF\x01::/bin/echo:' > /proc/sys/fs/binfmt_misc/register
# To lift the restriction again, run the following command:
# echo -1 > /proc/sys/fs/binfmt_misc/32bits
e.g.:
[root@localhost ~]# cd /proc/sys/fs/binfmt_misc/
[root@localhost binfmt_misc]# ls
register status
[root@localhost binfmt_misc]#
[root@localhost binfmt_misc]# echo ':32bits:M:0:\x7fELF\x01::/bin/echo:' > /proc/sys/fs/binfmt_misc/register
[root@localhost binfmt_misc]# ls
32bits register status
[root@localhost binfmt_misc]# cat 32bits
enabled
interpreter /bin/echo
flags:
offset 0
magic 7f454c4601
[root@localhost binfmt_misc]#
# Test:
[sina@localhost ~]$ ./h
./h
[sina@localhost ~]$
Appendix: the meaning of the magic number '\x7fELF\x01'…
[sina@localhost ~]$ file h
h: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, not stripped
[sina@localhost ~]$ file /bin/ls
/bin/ls: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, stripped
[sina@localhost ~]$
[sina@localhost ~]$ readelf -h ./h
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0x80482b0
Start of program headers: 52 (bytes into file)
Start of section headers: 1908 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 7
Size of section headers: 40 (bytes)
Number of section headers: 28
Section header string table index: 25
[sina@localhost ~]$ readelf -h /bin/ls
ELF Header:
Magic: 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: Advanced Micro Devices X86-64
Version: 0x1
Entry point address: 0x402460
Start of program headers: 64 (bytes into file)
Start of section headers: 89256 (bytes into file)
Flags: 0x0
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 8
Size of section headers: 64 (bytes)
Number of section headers: 31
Section header string table index: 30
[sina@localhost ~]$
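To show exactly what the register line above matches, here is an added example (not code from the original post): a small Python model of a binfmt_misc 'M' rule, applied to the two e_ident values taken from the readelf output above. The rule string, the header bytes and the function names are constructed for this illustration.

```python
import re

# e_ident (first 16 bytes) of the two binaries shown above, constructed from the
# `readelf -h` Magic lines: the 32-bit ./h and the 64-bit /bin/ls.
ELF32_IDENT = bytes.fromhex("7f454c46010101000000000000000000")
ELF64_IDENT = bytes.fromhex("7f454c46020101000000000000000000")

# The rule from the post; a raw string so "\x7f" stays the four characters that
# binfmt_misc itself decodes, exactly as the shell hands them to /proc.
RULE_32BITS = r":32bits:M:0:\x7fELF\x01::/bin/echo:"

EI_CLASS = 4                        # index of the class byte inside e_ident
ELFCLASS = {1: "ELF32", 2: "ELF64"}


def _unescape(field):
    """Decode binfmt_misc's \\xHH escapes in a magic/mask field into raw bytes."""
    out = bytearray()
    for hexpair, char in re.findall(r'\\x([0-9a-fA-F]{2})|(.)', field):
        out.append(int(hexpair, 16) if hexpair else ord(char))
    return bytes(out)


def parse_binfmt_rule(rule):
    """Split ':name:type:offset:magic:mask:interpreter:flags' into a dict."""
    sep = rule[0]
    fields = rule[1:].split(sep)
    fields += [""] * (7 - len(fields))          # the flags field may be omitted
    name, kind, offset, magic, mask, interp, flags = fields[:7]
    return {"name": name, "type": kind, "offset": int(offset or 0),
            "magic": _unescape(magic), "mask": _unescape(mask),
            "interpreter": interp, "flags": flags}


def rule_matches(rule, header):
    """Apply an 'M' rule the way binfmt_misc does: compare the magic with the
    file bytes at `offset` under the mask (an empty mask means every byte must
    match exactly)."""
    r = parse_binfmt_rule(rule)
    if r["type"] != "M":
        raise ValueError("only magic-type (M) rules are modelled here")
    magic, off = r["magic"], r["offset"]
    mask = r["mask"] or b"\xff" * len(magic)
    window = header[off:off + len(magic)]
    if len(window) < len(magic):
        return False
    return all((w & m) == (g & m) for w, g, m in zip(window, magic, mask))


def elf_class(header):
    """Return 'ELF32', 'ELF64' or None for the given file header bytes."""
    if header[:4] != b"\x7fELF":
        return None
    return ELFCLASS.get(header[EI_CLASS])
```

This confirms the entry catches only headers whose fifth byte is ELFCLASS32 (0x01), which is why 64-bit binaries such as /bin/ls keep running. Keep in mind that a binfmt_misc entry only intercepts execve() of matching files; it does not disable the kernel's 32-bit compat syscall entry points themselves.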
[ -EOF- ]