Re: Ptrace hole / Linux 2.2.25

• Next message: Miquel van Smoorenburg: "Re: select() stress"
• Previous message: Jeff Garzik: "Re: sundance DFE-580TX DL10050B patch"
• In reply to: Alan Cox: "Ptrace hole / Linux 2.2.25"
• Next in thread: Tomas Szepe: "re: Ptrace hole / Linux 2.2.25"
• Reply: Tomas Szepe: "re: Ptrace hole / Linux 2.2.25"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2003-03-17 at 17:04, Alan Cox wrote:
> Vulnerability: CAN-2003-0127
>
> The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows
> local users to obtain full privileges. Remote exploitation of this hole is
> not possible. Linux 2.5 is not believed to be vulnerable.
>
> Linux 2.2.25 has been released to correct Linux 2.2. It contains no other
> changes. The bug fixes that would have been in 2.2.5pre1 will now appear in
> 2.2.26pre1. The patch will apply directly to most older 2.2 releases.
>
> A patch for Linux 2.4.20/Linux 2.4.21pre is attached. The patch also
> subtly changes the PR_SET_DUMPABLE prctl. We believe this is neccessary and
> that it will not affect any software. The functionality change is specific
> to unusual debugging situations.

I've attached a patch against 2.4.21pre5

• text/x-patch attachment: ptrace.patch__charset_UTF-8

• application/pgp-signature attachment: This is a digitally signed message part

• Next message: Miquel van Smoorenburg: "Re: select() stress"
• Previous message: Jeff Garzik: "Re: sundance DFE-580TX DL10050B patch"
• In reply to: Alan Cox: "Ptrace hole / Linux 2.2.25"
• Next in thread: Tomas Szepe: "re: Ptrace hole / Linux 2.2.25"
• Reply: Tomas Szepe: "re: Ptrace hole / Linux 2.2.25"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Mar 23 2003 - 22:00:20 EST