Linux 2.6.30 and the "init_cred" symbol

Linux 2.6.30 and the "init_cred" symbol

am 05.03.2010 04:54:37 von cyril

Hello all !

I have recently become interested in understanding some recent exploits
written by Brad Spengler, and especially the one using a null-pointer
dereference in tun_chr_poll() (this exploit can be found here :
http://grsecurity.net/~spender/cheddar_bay.tgz).

After taking a look at his code, I decided to compile Linux 2.6.30, so I
could run the exploit and play with the code a little. I ended up
cloning the following repository
(http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6. 30.y.git;a=summary)
and doing a checkout of an older branch (in which the patch
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.3 0.y.git;a=commit;h=3f8fd3f9f677ce452556aca82473b7fcac370830
had not been applied). I compiled the kernel as a .deb package, and it
works perfectly on a virtual machine running Debian.

The problem is I can't get to run the exploit : to do so, I would need
to be able to resolve the address of the "init_cred" symbol. The fact is
that the following command does not return anything :
$ grep init_cred /proc/kallsyms

According to http://lwn.net/Articles/287091/, init_cred is "the set of
credentials used by the init process and by all kernel daemons", which
makes me think this symbol should be there. Do you think I did something
wrong when compiling the kernel, or is that normal not to find this
symbol on certain versions of Linux ?

Thanks in advance !

Cyril Roelandt.
--
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs