[15298] in bugtraq
Re: Sendmail 8.10.2, Linux 2.4.0 - capabilities
daemon@ATHENA.MIT.EDU (Kyle Sparger)
Sat Jun 10 05:25:53 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.10006081438290.6561-100000@vaevictis.dialtoneinternet.net>
Date: Thu, 8 Jun 2000 14:41:54 -0400
Reply-To: Kyle Sparger <ksparger@DIALTONEINTERNET.NET>
From: Kyle Sparger <ksparger@DIALTONEINTERNET.NET>
X-To: Valdis Kletnieks <Valdis.Kletnieks@VT.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200006081628.e58GSiL29316@black-ice.cc.vt.edu>
> My first shot at Linux kernel hacking - were there any other tweaks to
> close this hole? ;)

I don't know what all the consequences of this are, but the module below
will disable the capset system call (which I think is necessary for the
exploit). This is also my first shot at kernel hacking -- if I did
something stupid, please educate rather than flame :)

Note that I don't know what all uses the capabilities code, but I've been
running this module on my system here for a few hours without consequence.

Thanks,

Kyle Sparger - Senior System Administrator
Dialtone Internet - Extremely Fast Web Systems
(954) 581-0097 - Voice (954) 581-7629 - Fax
ksparger@dialtoneinternet.net
http://www.dialtoneinternet.net
---------------------------------------
bogus_capset.c, compile:
gcc -DMODULE -c bogus_capset.c
---------------------------------------
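#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/linkage.h>
#include <linux/errno.h>
#include <sys/syscall.h>

/* System call table exported by the kernel. */
extern void *sys_call_table[];

/* Original capset handler, saved so it can be restored on unload. */
static void *orig_capset;

/* Replacement handler: refuse every capset() call. */
asmlinkage int bogus_capset(void)
{
	return -EPERM;
}

int init_module(void)
{
	orig_capset = sys_call_table[__NR_capset];
	sys_call_table[__NR_capset] = bogus_capset;
	return 0;
}

void cleanup_module(void)
{
	/* Put the original handler back; otherwise the table entry would
	 * point into unloaded module memory after rmmod. */
	sys_call_table[__NR_capset] = orig_capset;
}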
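
A user-space check for the module above, added here as an example and not part of the original post: it reads the calling process's capability sets with capget and writes them back unchanged with capset, a call that normally succeeds and fails with EPERM once capset is stubbed out. The helper names and verdict strings are made up for this example, and it assumes a Linux system with the linux/capability.h header installed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Hypothetical helper: re-apply the caller's own capability sets unchanged.
 * Returns 0 if capset() succeeded, otherwise the errno it failed with. */
int capset_noop_errno(void)
{
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data[2]; /* enough for every ABI version */

    memset(&hdr, 0, sizeof hdr);
    memset(data, 0, sizeof data);

    /* Probe with an invalid version (0): the kernel writes the version it
     * prefers into hdr.version. The return value differs between kernels,
     * so only the written-back version is checked. */
    syscall(SYS_capget, &hdr, NULL);
    if (hdr.version == 0)
        return EINVAL;

    hdr.pid = 0; /* 0 = calling process */
    if (syscall(SYS_capget, &hdr, data) != 0)
        return errno;
    if (syscall(SYS_capset, &hdr, data) != 0)
        return errno;
    return 0;
}

/* Hypothetical helper: turn the result into a readable verdict. */
const char *capset_verdict(int err)
{
    if (err == 0)
        return "capset allowed";
    if (err == EPERM)
        return "capset blocked";
    return "inconclusive";
}

int main(void)
{
    int err = capset_noop_errno();
    printf("%s (errno %d: %s)\n", capset_verdict(err), err, strerror(err));
    return err == EPERM ? 0 : 1; /* exit 0 only when capset is refused */
}
```

EPERM only shows that capset is being refused; a seccomp filter or a security module that denies the call would produce the same verdict.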