Re: 2.4+ptrace exploit fix breaks root's ability to strace

Arjan van de Ven (arjanv@redhat.com)
22 Mar 2003 16:28:05 +0100


> --- orig/kernel/ptrace.c Wed Mar 19 15:54:45 2003
> +++ linux/kernel/ptrace.c Sat Mar 22 10:14:01 2003
> @@ -22,7 +22,7 @@
> int ptrace_check_attach(struct task_struct *child, int kill)
> {
> mb();
> - if (!is_dumpable(child))
> + if (!is_dumpable(child) && !(child->ptrace & PT_PTRACE_CAP))
> return -EPERM;
> =20
> if (!(child->ptrace & PT_PTRACED))
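
Review bot: the added !(child->ptrace & PT_PTRACE_CAP) term in ptrace_check_attach() skips the is_dumpable() refusal based solely on a bit stored in the child's own ptrace field, and nothing in this hunk shows where that bit is set or cleared, so a reader cannot tell whether it still reflects a tracer entitled to override a non-dumpable child at the time of this call. Please add a comment above the test stating that invariant, and explain in the changelog why the traced child ends up non-dumpable in the first place, since fixing that may make this exception unnecessary.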

this sounds really wrong; the child says it doesn't want to be ptraced
and now you allow it anyway. I think the problem is more that the child
isn't dumpable.... checking why
