Alan Cox wrote:
> Vulnerability: CAN-2003-0127
> The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows
> local users to obtain full privileges. Remote exploitation of this hole is
> not possible. Linux 2.5 is not believed to be vulnerable.
The patch breaks /proc/<pid>/cmdline and /proc/<pid>/environ for 'non dumpable'
processes, even for root.
We need to access theses proc files for processes monitoring.
Included is a patch to restore this functionnality for root.
Any comments ?
(See attached file: cmdline_environ_fix.diff)
-- Mathieu Lafon - Arkoon Network Security
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Mar 23 2003 - 22:00:26 EST