Re: ptrace patch

James Bourne (jbourne@mtroyal.ab.ca)
Thu, 20 Mar 2003 07:45:58 -0700 (MST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: John Bradford: "CPU misdetection and, (probably unrelated) IDE data corruption"
Previous message: Steven Cole: "Re: 2.5.65-mm2"
In reply to: Christoph Baumann: "ptrace patch"
Next in thread: Christoph Baumann: "Re: ptrace patch"

On Thu, 20 Mar 2003, Christoph Baumann wrote:

> FYI:
> The ptrace patch at
> http://www.hardrock.org/kernel/2.4.20/linux-2.4.20-ptrace.patch does not
> seem to work.
> I tried the exploit at http://sinuspl.net/ptrace/isec-ptrace-kmod-exploit.c
> on a machine running the patched kernel and it still brought up a root
> shell.

Hi,
Here is a test:

bash$ md5sum isec-ptrace-kmod-exploit.c
f3a5c17bf8d207d3f4828020d1bcfa0a isec-ptrace-kmod-exploit.c
bash$ make isec-ptrace-kmod-exploit
cc isec-ptrace-kmod-exploit.c -o isec-ptrace-kmod-exploit
bash$ ./isec-ptrace-kmod-exploit
[-] Unable to attach: Operation not permitted
Killed
bash$ id
uid=151(myusername)
gid=151(myusername)
groups=151(mygrpname)
bash$ uname -a
Linux myhostname 2.4.20-9-PE2650-6650 #1 SMP Mon Mar 17 11:22:15 MST 2003 i686 unknown
bash$

Thankfully it does work.

Check your binary for suid root.

Regards,
James Bourne

>
>
> Mit freundlichen Gruessen / Best regards
> Dipl.-Phys. Christoph Baumann
> ---
> SORCUS Computer GmbH
> Im Breitspiel 11 c
> D-69126 Heidelberg
>
> Tel.: +49(0)6221/3206-0
> Fax: +49(0)6221/3206-66
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

-- James Bourne, Supervisor Data Centre Operations Mount Royal College, Calgary, AB, CA www.mtroyal.ab.ca

****************************************************************************** This communication is intended for the use of the recipient to which it is addressed, and may contain confidential, personal, and or privileged information. Please contact the sender immediately if you are not the intended recipient of this communication, and do not copy, distribute, or take action relying on it. Any communication received in error, or subsequent reply, should be deleted or destroyed. ******************************************************************************

"There are only 10 types of people in this world: those who understand binary and those who don't."

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: John Bradford: "CPU misdetection and, (probably unrelated) IDE data corruption"
Previous message: Steven Cole: "Re: 2.5.65-mm2"
In reply to: Christoph Baumann: "ptrace patch"
Next in thread: Christoph Baumann: "Re: ptrace patch"