Re: Minor PTRACE security bug

Cezary Sliwa (sliwa@blue.cft.edu.pl)
Tue, 15 Sep 1998 16:10:14 +0200 (CEST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Cezary Sliwa: "Re: Symlink strangeness"
Previous message: Theo Van Dinter: "Re: ext2 error"
In reply to: tack@sault.org: "ipchains blocks from SOCK_RAW?"
Next in thread: Paul Rusty Russell: "Re: ipchains blocks from SOCK_RAW?"

On Tue, 15 Sep 1998, Andreas Kies wrote:

>
> diff -u --rec old/linux/fs/exec.c linux/fs/exec.c
> --- old/linux/fs/exec.c Mon Sep 14 21:24:32 1998
> +++ linux/fs/exec.c Mon Sep 14 21:40:03 1998
> @@ -561,6 +561,12 @@
> }
> }
>
> + /* ptraced executables must be readable */
> + if (current->flags & PF_PTRACED) {
> + if ((retval = permission(bprm->inode, MAY_READ)) != 0)
> + return retval;
> + }
> +
> memset(bprm->buf,0,sizeof(bprm->buf));
> return read_exec(bprm->inode,0,bprm->buf,128,1);
> }
>

It does the job, but this is asking for troubles:
is this right disallow exec, maybe just subsequent
calls to ptrace should return error?
(turn off PF_PTRACED and does not allow to attach).

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Cezary Sliwa: "Re: Symlink strangeness"
Previous message: Theo Van Dinter: "Re: ext2 error"
In reply to: tack@sault.org: "ipchains blocks from SOCK_RAW?"
Next in thread: Paul Rusty Russell: "Re: ipchains blocks from SOCK_RAW?"