lkrg-org / lkrg

Linux Kernel Runtime Guard
https://lkrg.org

lkrg cannot detect and defend against the "looney tunable" exploit for glibc #290

Closed pythonmandev closed 9 months ago

pythonmandev commented 9 months ago

lkrg cannot detect and defend against the "looney tunable" exploit for glibc with the default installation.

```
root@VM-58-17-ubuntu:~/lkrg-0.9.7# sysctl -a | grep lkrg
lkrg.block_modules = 0
lkrg.heartbeat = 0
lkrg.hide = 0
lkrg.interval = 15
lkrg.kint_enforce = 2
lkrg.kint_validate = 3
lkrg.log_level = 3
lkrg.msr_validate = 0
lkrg.pcfi_enforce = 1
lkrg.pcfi_validate = 2
lkrg.pint_enforce = 1
lkrg.pint_validate = 1
lkrg.profile_enforce = 2
lkrg.profile_validate = 3
lkrg.smap_enforce = 2
lkrg.smap_validate = 1
lkrg.smep_enforce = 2
lkrg.smep_validate = 1
lkrg.trigger = 0
lkrg.umh_enforce = 1
lkrg.umh_validate = 1
```

```
root@VM-58-17-ubuntu:~/lkrg-0.9.7# modinfo lkrg
filename:       /lib/modules/5.15.0-83-generic/extra/lkrg.ko
license:        GPL v2
description:    pi3's Linux kernel Runtime Guard
author:         Adam 'pi3' Zabrocki (http://pi3.com.pl)
srcversion:     BD7E8EA61AD227BE5CB307F
depends:
retpoline:      Y
name:           lkrg
vermagic:       5.15.0-83-generic SMP mod_unload modversions
parm:           log_level:log_level [3 (issue) is default] (uint)
parm:           heartbeat:heartbeat [0 (don't print) is default] (uint)
parm:           block_modules:block_modules [0 (don't block) is default] (uint)
parm:           interval:interval [15 seconds is default] (uint)
parm:           kint_validate:kint_validate [3 (periodically + random events) is default] (uint)
parm:           kint_enforce:kint_enforce [2 (panic) is default] (uint)
parm:           msr_validate:msr_validate [0 (disabled) is default] (uint)
parm:           pint_validate:pint_validate [1 (current) is default] (uint)
parm:           pint_enforce:pint_enforce [1 (kill task) is default] (uint)
parm:           umh_validate:umh_validate [1 (allow specific paths) is default] (uint)
parm:           umh_enforce:umh_enforce [1 (prevent execution) is default] (uint)
parm:           pcfi_validate:pcfi_validate [2 (fully enabled pCFI) is default] (uint)
parm:           pcfi_enforce:pcfi_enforce [1 (kill task) is default] (uint)
parm:           smep_validate:smep_validate [1 (enabled) is default] (uint)
parm:           smep_enforce:smep_enforce [2 (panic) is default] (uint)
parm:           smap_validate:smap_validate [1 (enabled) is default] (uint)
parm:           smap_enforce:smap_enforce [2 (panic) is default] (uint)
```

```
xxxxxx@VM-58-17-ubuntu:~/CVE-2023-4911-2$ make
./exp
try 100
try 200
try 300
try 400
try 500
try 600
try 700
try 800
try 900
try 1000
try 1100
try 1200
try 1300
try 1400
try 1500
try 1600
try 1700
try 1800
try 1900
try 2000
try 2100
try 2200
id
uid=0(root) gid=0(root) groups=0(root),1001(xxxxxx)
```

Adam-pi3 commented 9 months ago

@pythonmandev "looney tunable" is not a vulnerability in the kernel so it is out of scope of LKRG project.

solardiz commented 9 months ago

@pythonmandev As Adam correctly wrote, this is currently out of scope, so I'll close this issue.

We might at a later time bring dealing with userspace vulnerabilities under scope.