[Bug 190587] Re: Local root exploit in kernel 2.6.17 - 2.6.24 (vmsplice)

ismail ismailh at ifi.uio.no
Tue Feb 12 11:58:06 UTC 2008

The exploit does not seem to work on feisty:
$ gcc vmsplice.c -o vmsp
$ ./vmsp
 Linux vmsplice Local Root Exploit
 By qaaz
[+] mmap: 0x0 .. 0x1000
[+] page: 0x0
[+] page: 0x20
[+] mmap: 0x4000 .. 0x5000
[+] page: 0x4000
[+] page: 0x4020
[+] mmap: 0x1000 .. 0x2000
[+] page: 0x1000
[+] mmap: 0xb7e20000 .. 0xb7e52000
Segmentation fault (core dumped)

But the exploit works on Gutsy and the fix in
http://home.powertech.no/oystein/ptpatch2008/ptpatch2008.c seems to

Remember that the Makefile (http://home.powertech.no/oystein/ptpatch2008/Makefile) has to be downloaded also. After you run make all, there will be a kernel module called ptpatch2008.ko in the same directory. Insert the module into the kernel:
# insmod ptpatch2008.ko

This will prevent the privilege escalation as long as the machine is not
rebooted. You can also insert the module at startup in the event the
machine is rebooted. This has worked for me so far, until we get an
official fix in the repository.
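
An added example, not part of the original message or of ptpatch2008: a small check of whether the running kernel falls in the 2.6.17 - 2.6.24 range named in the bug title and whether the ptpatch2008 module is currently loaded, for instance after a reboot. The function names and the status strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and status strings are hypothetical.
# The version test is only a heuristic: distribution kernels can carry a
# backported fix without changing the upstream version number.

# in_reported_range RELEASE: succeeds if RELEASE is 2.6.17 .. 2.6.24[.x]
in_reported_range() {
    rel=${1%%-*}                 # 2.6.22-14-generic -> 2.6.22
    old_ifs=$IFS; IFS=.
    set -- $rel                  # split on dots into $1 $2 $3 ...
    IFS=$old_ifs
    [ "$1" = 2 ] && [ "$2" = 6 ] || return 1
    case $3 in ''|*[!0-9]*) return 1 ;; esac
    [ "$3" -ge 17 ] && [ "$3" -le 24 ]
}

# module_loaded NAME [FILE]: succeeds if NAME is the first field of a line
# in FILE (default /proc/modules, which lists one loaded module per line).
module_loaded() {
    modfile=${2:-/proc/modules}
    [ -r "$modfile" ] || return 1
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$modfile"
}

# assess RELEASE [FILE]: print one status word for this host.
assess() {
    if ! in_reported_range "$1"; then
        echo "outside-reported-range"
    elif module_loaded ptpatch2008 "${2:-/proc/modules}"; then
        echo "in-range-module-loaded"
    else
        echo "in-range-module-missing"
    fi
}

# Report on the running system.
assess "$(uname -r)"
```

Run from a boot script or cron job, the "in-range-module-missing" result flags a machine that was rebooted without the module being reinserted.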
