Re: ptrace secfix does NOT work... :(

Daniel Jacobowitz (dan@debian.org)
Sat, 10 May 2003 17:11:54 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Wagner: "Re: The disappearing sys_call_table export."
Previous message: David Woodhouse: "Re: TRIVIAL: turn of AGP drivers which are not supported on ia64"

On Sat, May 10, 2003 at 03:52:49PM -0500, Adam Majer wrote:
> On Fri, May 09, 2003 at 12:05:52AM +0200, Bernhard Kaindl wrote:
> > Hello,
> >
> > The attached patch cleans up the too restrictive checks which were
> > included in the original ptrace/kmod secfix posted by Alan Cox
> > and applies on top of a clean 2.4.20-rc1 source tree.
>
> But the ptrace hole is _NOT_ fixed... :(

This is the exploit which makes itself suid. Did you leave it suid
before retesting it?

> adamm@polaris:~/test$ uname -r
> 2.4.21-rc2
> \u@\h:\w\$ ls -ltr hehe
> -rw------- 1 root root 17 May 10 15:44 hehe
> \u@\h:\w\$ whoami
> root
> \u@\h:\w\$ cat hehe
> I can see you!!
>
> \u@\h:\w\$ rm hehh
> \u@\h:\w\$ ls -ltr hehe
> ls: hehe: No such file or directory

Huh?

-- 
Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: David Wagner: "Re: The disappearing sys_call_table export."
Previous message: David Woodhouse: "Re: TRIVIAL: turn of AGP drivers which are not supported on ia64"