Re: Kernels 2.2 and 2.4 exploit (ALL VERSION WHAT I HAVE TESTED UNTILL NOW!)

Anders Gustafsson (andersg@0x63.nu)
Wed, 19 Mar 2003 16:28:36 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Stephen J. Gowdy: "Re: [Linux-usb-users] USB harddrive not working (2.4, 2.5)"
Previous message: Martin J. Bligh: "RE: [Bug 471] New: Root on software raid don't boot on new 2.5 ke rnel since after 2.5.45"
In reply to: Alan Cox: "Re: Kernels 2.2 and 2.4 exploit (ALL VERSION WHAT I HAVE TESTED"

On Wed, Mar 19, 2003 at 04:13:05PM +0000, Alan Cox wrote:
> On Wed, 2003-03-19 at 14:55, Anders Gustafsson wrote:
> > If access can't be shut down while compiling the new kernel
> >
> > echo /foo/bar/doesnotexist >/proc/sys/kernel/modprobe
> >
> > would help, wouldn't it?
>
> Against the default exploit circulating yes, in the general
> case we don't believe so.

Ah, there might be other stuff than modprobe that execs out of a
kernelthread. But to exploit the kernelthread must execve so there is a
userspaceprocess to ptrace, right?

-- 
Anders Gustafsson - andersg@0x63.nu - http://0x63.nu/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Stephen J. Gowdy: "Re: [Linux-usb-users] USB harddrive not working (2.4, 2.5)"
Previous message: Martin J. Bligh: "RE: [Bug 471] New: Root on software raid don't boot on new 2.5 ke rnel since after 2.5.45"
In reply to: Alan Cox: "Re: Kernels 2.2 and 2.4 exploit (ALL VERSION WHAT I HAVE TESTED"