Comments on cr0 blog: Bypassing Linux' NULL pointer dereference exploit ...

No, we fixed it on Android

2009-12-03T15:48:02.559-08:00

No, we fixed it on Android

"So what we need is a setuid binary that will...

2009-11-30T05:25:05.352-08:00

"So what we need is a setuid binary that will give us control back without going through exec."

We'd need to find such a binary on Android to use this method as far as I understand.

Could this be used to gain root in Android? The cu...

2009-11-23T06:27:54.459-08:00

Could this be used to gain root in Android? The current method does not work anymore, they patched mmap_min_addr.

No, it's not a bug in pulseaudio. It was a bug...

2009-08-16T14:16:54.643-07:00

No, it's not a bug in pulseaudio. It was a bug in the Linux kernel and we already corrected it there.

I would assume that this should be considered a se...

2009-08-16T14:10:05.467-07:00

I would assume that this should be considered a security bug in pulseaudio, right? Could you please report it there?

BTW the first 2 things listed in your list of thin...

2009-07-20T14:25:26.041-07:00

BTW the first 2 things listed in your list of things you tried to do to bypass mmap_min_addr worked just fine for the first 6 months it was in the kernel ;)

-Brad

Interestingly, with SELinux, it's likely that ...

2009-07-16T09:07:23.418-07:00

Interestingly, with SELinux, it's likely that your SELinux policy will allow pulseaudio to mmap() at address zero anyway (seems to work on Fedora).

With SELinux, you don't need the personality trick, and having CVE-2009-1895 fixed is not going to help you, you need to update your policy instead.