[14362] in bugtraq

Re: Process hiding in linux

daemon@ATHENA.MIT.EDU (Pavel Machek)
Tue Mar 21 00:19:23 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <20000320130536.A6277@atrey.karlin.mff.cuni.cz>
Date:         Mon, 20 Mar 2000 13:05:36 +0100
Reply-To: Pavel Machek <pavel@UCW.CZ>
From: Pavel Machek <pavel@UCW.CZ>
X-To:         Peter W <peterw@USA.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.10.10003162145470.3909-100000@localhost>; from
              peterw@USA.NET on Fri, Mar 17, 2000 at 01:33:47PM -0500

Hi!

> > /proc/pid allows strange tricks (2.3.49):
>
> > pavel@bug:~/misc$ ps aux | grep grep
> > Warning: /boot/System.map has an incorrect kernel version.
> > Warning: /usr/src/linux/System.map has an incorrect kernel version.
>
> ... interesting bits about /proc/$PID/status interface and how having
> an open filehandle to a defunct proc's status can hide info from ps ...
>
> 1) The 2.3.x series [like all N.M.x kernels where ((M % 2) == 1)] are
>    development kernels, not for production use.

I know _that_. And? This bug is 99% going to be in 2.4.0.

> 2) The 2.3.x development tree is up to 2.3.99-pre1, according to
>    http://www.kernel.org/ (Granted, 2.3.49 was only superseded nine
>    days ago, and 2.3.99-pre1 appears to really be 2.3.52, but that just
>    goes to illustrate that this is a developers' alpha release.)

I do read released patches, and when something would drastically
change in fs/proc, I would probably notice.

> In other words, check it on the current code (and what's up with having
> the wrong System.map installed?) and post to the linux kernel-dev mailing
> list if the dev kernel seems to have a bug. If they ignore you and seem
> happy to release what you believe to be a product with a security flaw,
> let the world know.

I already did that a week or so ago.

								Pavel

--
The best software in life is free (not shareware)!		Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+