Re: PROBLEM: old exploit works!!!

Manfred Spraul (manfred@colorfullife.com)
Tue, 9 Oct 2001 22:59:40 +0200


> Old exploit which works on kernels up to 2.2.18 (itr doesn't work on 2.2.19)
> works on 2.4.9!!
> I attach that exploit.
> [snip]
> if (check_execve(victim, filename))
> goto exit;
>
> (void)waitpid(victim, NULL, WUNTRACED);
> if (ptrace(PTRACE_CONT, victim, 0, 0)) {

It doesn't work, only the behaviour changed:
Linux now ignores the setuid bit if you try to ptrace a setuid app (idea from FreeBSD).
Up to 2.2.18 [and 2.4.0-pre?], it tried to return an error message if you try to ptrace a setuid app, and there was a race window
between the test (must be early, since it tries to return an error code) and the actual uid change. I haven't checked how it was
fixed in 2.2.19.

--
    Manfred

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/