[22404] in bugtraq
Re: Linux Kernel 2.2.x
daemon@ATHENA.MIT.EDU (Mariusz Woloszyn)
Fri Aug 24 12:53:30 2001
Date: Fri, 24 Aug 2001 11:54:31 +0200 (EEST)
From: Mariusz Woloszyn <emsi@ipartners.pl>
To: mazzaro@inwind.it
Cc: bugtraq@securityfocus.com
In-Reply-To: <01082318313000.00930@enterprise.bluecodes.com>
Message-ID: <Pine.LNX.4.04.10108241149210.12025-200000@dzyngiel.ipartners.pl>
On Thu, 23 Aug 2001, Silvio Mazzaro wrote:
> The execve/ptrace race condition still appears to work on linux kernel
> 2.2.19..
>
Again, the attached module disables ptrace for non-root users. It does not
solve the problem, but prevents exploiting it.
NOTE: there may be another way to exploit this vulnerability!
p.s. gcc -c npt.c; insmod ./npt.o
--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners
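One way to confirm the module's effect after `insmod`, as an added example that is not part of the original post or its attachment: a small probe that reports whether the calling user may still use ptrace(2). The function name `ptrace_permitted` is hypothetical, and the probe assumes a Linux system with a C library that provides `ptrace()`.

```c
/* Added example (not from the original post): report whether the
 * calling user is allowed to use ptrace(2). */
#include <errno.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if ptrace is permitted for the caller, 0 if the kernel
 * refused the request, -1 if the probe itself could not run.
 * The request is made in a throwaway child so the caller is never traced. */
int ptrace_permitted(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* PTRACE_TRACEME needs no target process, so it is the simplest
         * request that reaches the ptrace system call. */
        errno = 0;
        long rc = ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        _exit(rc == -1 ? 1 : 0);   /* exit code carries the verdict */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

int main(void)
{
    int r = ptrace_permitted();
    /* Per the post, a non-root user should see "denied" once the module
     * is loaded, while root should still see "permitted". */
    printf("euid=%d ptrace: %s\n", (int)geteuid(),
           r == 1 ? "permitted" : r == 0 ? "denied" : "probe failed");
    return r < 0;
}
```

Run it once as root and once as an unprivileged user, before and after loading the module, to see the difference the module makes.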
Content-Disposition: attachment; filename="npt.c"