I patched it for kernel 2.2.12 and 2.2.19:
just replace
if ((!child->dumpable ||
(current->uid != child->euid) ||
(current->uid != child->suid) ||
(current->uid != child->uid) ||
(current->gid != child->egid) ||
(current->gid != child->sgid) ||
with
if ((!child->dumpable ||
(child->suid == 0) ||
(current->uid != child->euid) ||
(current->uid != child->suid) ||
(current->uid != child->uid) ||
(current->gid != child->egid) ||
(current->gid != child->sgid) ||
in /usr/src/linux/arch/i386/kernel/ptrace.c
This way nobody can "ATTACH" with ptrace a setuited task.
I do not know if this can be useful. Maybe the gurus in
the list can say something about it.
Is it even useful for new kernels?
Thanks.
Luca Venturini
Yepa S.r.l.
"mazzaro@inwind.it" wrote:
>
> Hi all,
>
> The exploit found on http://www.securiteam.com/exploits/5NP061P4AW.html
>
> Still works on the latest 2.2 that's to say (I Think), 2.2.19
>
> How can it be?
>
> There are still a lot of machines on the net which use that ker.
>
> Thank you for your attenction...
>
> P.S.
> The exploit works even on the latest kernel (of the 2.2 series, off course), found on
> ftp://updates.redhat.com/6.2/en/
>
> P.P.S.
> I'm trying to follow the ML, but the traffic is too high for me...:-(
> So, if you can... could you answer to my address?
>
> Thank you,
>
> Silvio Mazzaro
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/