Re: Ptrace hole / Linux 2.2.25

From: mlafon@arkoon.net
Date: Wed Mar 19 2003 - 06:28:02 EST


Alan Cox wrote:
> Vulnerability: CAN-2003-0127

> The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows
> local users to obtain full privileges. Remote exploitation of this hole is
> not possible. Linux 2.5 is not believed to be vulnerable.

The patch breaks /proc/<pid>/cmdline and /proc/<pid>/environ for 'non dumpable'
processes, even for root.

We need to access theses proc files for processes monitoring.

Included is a patch to restore this functionnality for root.

Any comments ?
(See attached file: cmdline_environ_fix.diff)

--
Mathieu Lafon - Arkoon Network Security


- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Mar 23 2003 - 22:00:26 EST