Re: 2.4+ptrace exploit fix breaks root's ability to strace

• Next message: Russell King: "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Previous message: Alan Cox: "Re: IDE todo list"
• In reply to: Russell King: "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Next in thread: Russell King: "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Reply: Russell King: "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 2003-03-22 at 17:13, Russell King wrote:
> ptrace has always explicitly allowed a process with the CAP_SYS_PTRACE
> capability to ptrace a task which isn't dumpable. With the ptrace "fix"
> in place, you can attach to a non-dumpable thread:

Note that this is a bug, and is now a fixed bug. The looser check you
can do requires you check

        my_capabilities >= his capbilities

Otherwise you have priviledge escalation for CAP_SYS_PTRACE to
CAP_SYS_RAWIO trivially

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Russell King: "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Previous message: Alan Cox: "Re: IDE todo list"
• In reply to: Russell King: "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Next in thread: Russell King: "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Reply: Russell King: "Re: 2.4+ptrace exploit fix breaks root's ability to strace"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Mar 23 2003 - 22:00:41 EST