ptrace secfix does NOT work... :(

• Next message: Francois Romieu: "Re: [USB] [PATCH] Crud-- (was: Re: [ATM] [UPDATE] unbalanced usw)"
• Previous message: Roman Zippel: "Re: kernel.bkbits.net and BK->CVS gateway"
• In reply to: Bernhard Kaindl: "[PATCH][2.4] cleanup ptrace secfix and fix most side effects"
• Next in thread: Daniel Jacobowitz: "Re: ptrace secfix does NOT work... :("
• Reply: Daniel Jacobowitz: "Re: ptrace secfix does NOT work... :("
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, May 09, 2003 at 12:05:52AM +0200, Bernhard Kaindl wrote:
> Hello,
>
> The attached patch cleans up the too restrictive checks which were
> included in the original ptrace/kmod secfix posted by Alan Cox
> and applies on top of a clean 2.4.20-rc1 source tree.

But the ptrace hole is _NOT_ fixed... :(

adamm@polaris:~/test$ uname -r
2.4.21-rc2
\u@\h:\w\$ ls -ltr hehe
-rw------- 1 root root 17 May 10 15:44 hehe
\u@\h:\w\$ whoami
root
\u@\h:\w\$ cat hehe
I can see you!!
                                                                                                              
\u@\h:\w\$ rm hehh
\u@\h:\w\$ ls -ltr hehe
ls: hehe: No such file or directory

I'm attaching the exploit so someone can fix the bug properly.
I could get root even with the patched 2.4.20 so I don't think
that this is the fault of the your patch.

- Adam

• text/x-csrc attachment: test.c

• Next message: Francois Romieu: "Re: [USB] [PATCH] Crud-- (was: Re: [ATM] [UPDATE] unbalanced usw)"
• Previous message: Roman Zippel: "Re: kernel.bkbits.net and BK->CVS gateway"
• In reply to: Bernhard Kaindl: "[PATCH][2.4] cleanup ptrace secfix and fix most side effects"
• Next in thread: Daniel Jacobowitz: "Re: ptrace secfix does NOT work... :("
• Reply: Daniel Jacobowitz: "Re: ptrace secfix does NOT work... :("
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu May 15 2003 - 22:00:35 EST