So, the night is still young, and I need distraction from $MEGACORP B.S., so there goes nothing: let's test #DirtyFrag on #Slackware 15!
"The target is /usr/bin/su" - oh bless your soul, you naughty little hacker you...
🧵
-
Well, that went about as well as you could expect:
$ git clone https://github.com/V4bel/dirtyfrag.git
$ gcc -O0 -Wall -o exp exp.c -lutil
$ ./exp
dirtyfrag: failed (rc=3)
Mind you, this was after editing the 'exp.c' file to replace all occurrences of /usr/bin/su with /bin/su
I suspect Slackware 15 and its kernel modules do not contain the vulnerable ones that #DirtyFrag is targeting.
🧵
-
Well, the only mitigation published indicates this:
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
So, do not load modules esp4, esp6 and rxrpc, which on my Slackware machine is...
$ /sbin/lsmod | grep -i ^esp
esp4 28672 0
$ /sbin/lsmod | grep -i ^rxrpc
rxrpc 290816 0
$ uname -rms
Linux 5.15.204 x86_64
So, no esp6 kernel module.
🧵
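Added example, not part of the original thread or the DirtyFrag repository: a POSIX shell audit of the mitigation quoted above, reporting for esp4, esp6 and rxrpc whether each module is loaded and whether an "install <module> /bin/false" line blocks it. The function names, the default directory list and the sample files are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the esp4/esp6/rxrpc mitigation.
MODULES="esp4 esp6 rxrpc"

# is_loaded MODULE [FILE]: field 1 is the module name in /proc/modules and lsmod output.
is_loaded() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }' "${2:-/proc/modules}"
}

# is_blocked MODULE [DIR...]: true if some *.conf holds "install MODULE /bin/false".
# "blacklist" lines are not counted: they only stop alias-based autoloading.
is_blocked() {
    mod=$1; shift
    [ $# -gt 0 ] || set -- /etc/modprobe.d /run/modprobe.d /lib/modprobe.d
    for d in "$@"; do
        for f in "$d"/*.conf; do
            [ -f "$f" ] || continue
            awk -v m="$mod" '$1 == "install" && $2 == m && $3 == "/bin/false" { hit = 1 }
                END { exit !hit }' "$f" && return 0
        done
    done
    return 1
}

# audit [FILE [DIR...]]: one status line per module; returns 1 if any module
# is still loaded or could still be loaded.
audit() {
    src=${1:-/proc/modules}
    [ $# -gt 0 ] && shift
    rc=0
    for m in $MODULES; do
        loaded=no; blocked=no
        is_loaded "$m" "$src" && loaded=yes
        is_blocked "$m" "$@" && blocked=yes
        echo "$m loaded=$loaded blocked=$blocked"
        [ "$loaded" = no ] && [ "$blocked" = yes ] || rc=1
    done
    return $rc
}

# Constructed sample: the two lsmod lines from the thread plus the mitigation file.
demo() {
    t=$(mktemp -d) && mkdir "$t/conf"
    printf 'esp4 28672 0\nrxrpc 290816 0\n' > "$t/lsmod"
    printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > "$t/conf/dirtyfrag.conf"
    audit "$t/lsmod" "$t/conf" || echo "=> config present, but modules still loaded: rmmod needed"
    rm -rf "$t"
}
demo
```

On a live host, call audit with no arguments to read /proc/modules and the system modprobe.d directories.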
-
Conclusion: #slackware 15 in its base version does not seem to be affected by #DirtyFrag provided you have applied all the patches.
Make of that what you will, I am not an expert.
🧵
-
Once again, like #CopyFail, #DirtyFrag seems overhyped.
Also: running the bleeding edge kernel and distro will get you a nasty bite in the butt.

I expect #Slackware to release a new kernel soon to patch #DirtyFrag
-
@ParadeGrotesque Noticed the same when I checked earlier, wasn't sure if the default 'huge' kernel was vulnerable, but, the (patched) generic kernel w/ my initrd was also fine (even ignoring the /usr/bin/su vs /bin/su difference)
... so, much like with copyfail, I'm left wondering why these modules are loaded by default on so many systems in the first place, since nothing seems to be breaking without them.