Contributed by jose on from the ibcs-compat-overflow dept.
It may be possible for a local user to overrun the stack in compat_ibcs2(8). ProPolice catches this, turning a potential privilege escalation into a denial of service. iBCS2 emulation does not need to be enabled via sysctl(8) for this to happen. For 3.3, Patch 011 for i386 has been released to address the problem. Note that there is no ProPolice in the kernel on i386 for the 3.3 release, so the overflow can be used to escalate privileges there. An exploit has been openly circulated, by the way.
Thanks to everyone who worked on this patch.