[14358] in bugtraq
Re: Process hiding in linux
daemon@ATHENA.MIT.EDU (Peter W)
Mon Mar 20 08:39:53 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.10003162145470.3909-100000@localhost>
Date: Fri, 17 Mar 2000 13:33:47 -0500
Reply-To: Peter W <peterw@USA.NET>
From: Peter W <peterw@USA.NET>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000315234447.B144@bug.ucw.cz>
At 11:44pm Mar 15, 2000, Pavel Machek wrote:
> /proc/pid allows strange tricks (2.3.49):
> pavel@bug:~/misc$ ps aux | grep grep
> Warning: /boot/System.map has an incorrect kernel version.
> Warning: /usr/src/linux/System.map has an incorrect kernel version.
... interesting bits about /proc/$PID/status interface and how having
an open filehandle to a defunct proc's status can hide info from ps ...
1) The 2.3.x series [like all N.M.x kernels where ((M % 2) == 1)] are
development kernels, not for production use.
2) The 2.3.x development tree is up to 2.3.99-pre1, according to
http://www.kernel.org/ (Granted, 2.3.49 was only superceded nine
days ago, and 2.3.99-pre1 appears to really be 2.3.52, but that just
goes to illustrate that this is a developers' alpha release.)
In other words, check it on the current code (and what's up with having
the wrong System.map installed?) and post to the linux kernel-dev mailing
list if the dev kernel seems to have a bug. If they ignore you and seem
happy to release what you believe to be a product with a security flaw,
let the world know.
-Peter
http://www.bastille-linux.org/ : working towards more secure Linux systems
