[20007] in bugtraq
Re: .. ptrace improvement
daemon@ATHENA.MIT.EDU (Viraj Alankar)
Tue Apr 3 17:27:29 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.30.0104021056400.23600-100000@localhost.localdomain>
Date: Mon, 2 Apr 2001 11:03:14 -0400
Reply-To: Viraj Alankar <valankar@IFXCORP.COM>
From: Viraj Alankar <valankar@IFXCORP.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <5.0.2.1.2.20010331200447.02f6a048@students.uiuc.edu>

On Sat, 31 Mar 2001, Tim Yardley wrote:

> As always, there are always ways to improve things. This version of the
> exploit posted here previously overwrites the dl _start routine and doesn't
> modify eip. This will help on stack non-exec systems and doesn't require
> you to calculate the bss offset. I didn't test it, but this should still
> work on a stackguard compiled program as well.

This works on my RH 6.2 w/ 2.2.16-3. I see that Redhat released a 2.2.17
RPM on 2/8/2001 with 'ptrace' as one of the keywords. Does anyone know if
this RPM addresses the problem?

Viraj.