
Re: [Tlug_en] Ptrace Vulnerability Allows Gaining of Elevated Privileges under Linux



On Mon, Apr 07, 2003 at 09:42:43AM +0800, Rex Tsai wrote:
[deleted]
> You can pull the updated packages from this apt source; I recommend updating your system right away.
> deb ftp://ftp.us.debian.org/debian dists/woody-proposed-updates/

Does not work on my woody. Is it enough to just put it in /etc/apt/sources.list?

After adding it, apt-get update gives an error message.

> If you don't want to update the kernel, one workaround is to install the NPT LKM (No Ptrace Linux Kernel
> Module). This LKM stops every user except root from using ptrace, so ordinary users cannot
> ptrace, and thus non-root users will no longer be able to use tools such as gdb.

This one does not work when run directly on Debian; it looks like the header files in
libc6-dev do not match the kernel version.

> 
> ----------------------------------------------------------------------
> #!/bin/sh
> # MAKE ME EXECUTABLE !!!
> #
> # root@Hogwarts:/home/sacrine/TEST# chmod +x anti-ptrace
> # root@Hogwarts:/home/sacrine/TEST# ./anti-ptrace
> # [+] making anti-ptrace.c: OK
> # [+] compiling the script: OK
> # [+] loading the module : OK
> #
> 
> 
> echo -n " [+] making anti-ptrace.c: "
> cat > anti-ptrace.c <<NETRIC
> 
> /*
>  * Stopgap fix for the ptrace race vuln
>  * anti-ptrace.c by sacrine
>  * netric.org
>  */
> 
> #define __KERNEL__
> #define MODULE
> #define LINUX
> 
> #include <linux/module.h>
> #include <linux/kernel.h>
> #include <linux/types.h>
> #include <linux/version.h>
> #include <linux/slab.h>
> #include <linux/sched.h>
> #include <linux/fs.h>
> #include <linux/ctype.h>
> #include <linux/tty.h>
> #include <asm/unistd.h>   /* __NR_ptrace; the libc header <sys/syscall.h> is userspace and does not belong in a module */
> 
> #include <linux/ptrace.h>
> 
> /* Saved pointer to the real 2.4 sys_ptrace: (request, pid, addr, data). */
> asmlinkage int (*o_ptrace) ( long request,
>    long pid,
>    long addr,
>    long data );
> 
> extern void* sys_call_table[];
> 
> /* Replacement syscall entry: root passes through, everyone else is refused. */
> asmlinkage int anti_ptrace( long request,
>    long pid,
>    long addr,
>    long data )
> {
>    if(current->uid == 0)
>      {
>  return(o_ptrace(request,pid,addr,data));
>      }
> 
>    printk("warning: ptrace(); violation\n"
>   "pid=[%i] uid=[%i]\n"
>   ,current->pid
>   ,current->uid);
> 
>    console_print("warning: non-root users are not allowed to use "
>   "ptrace();\n");
>    return -EPERM;   /* syscalls report failure as a negative errno */
> }
> 
> int init_module(void)
> {
>    o_ptrace=sys_call_table[__NR_ptrace];
>    sys_call_table[__NR_ptrace]=anti_ptrace;
> 
>    printk("anti-ptrace kernel module loaded with pid=[%i]\n",
>   current->pid);
> 
>    return(0);
> }
> 
> void cleanup_module(void)
> {
>    sys_call_table[__NR_ptrace]=o_ptrace;   /* restore the original entry on unload */
>    printk("anti-ptrace kernel module ended with pid=[%i]\n",
>   current->pid);
> }
> 
> NETRIC
> echo "OK";
> echo -n " [+] compiling the script: ";
> gcc -c anti-ptrace.c -I/lib/modules/$(uname -r)/build/include
> echo "OK";
> echo -n " [+] loading the module : ";
> /sbin/insmod anti-ptrace.o >/dev/null
> echo "OK";
> 
> # sacrine [Netric Security]
> ----------------------------------------------------------------------
> 
> Another NPT LKM: http://www.securiteam.com/tools/5SP082K5GK.html
> -- 
> -Rex, geek by nature linux by choice
> 
> 
> 
> _______________________________________________
> Tlug_en mailing list
> Tlug_en@linux.org.tw
> https://www.linux.org.tw/mailman/listinfo/tlug_en
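Added here as a check, not code from the thread or from Netric: a small userspace probe that confirms the module's policy is actually in effect on a box before anyone relies on it. It forks a child that issues PTRACE_TRACEME (the request gdb uses) and reports what the kernel answered; run it once as an ordinary user and once as root.

```c
/* Added example (not from the original thread): probe whether the
 * running kernel lets the calling user ptrace at all.  With the
 * anti-ptrace LKM loaded, a non-root caller should see EPERM and
 * root should still succeed. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Forks a child that asks to be traced by us.  Returns 0 if the
 * request succeeded, otherwise the errno the child received
 * (EPERM when the kernel refused it). */
int probe_ptrace(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return errno;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(errno);   /* hand the failure code back to the parent */
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : ECHILD;
}

/* Compares the probe result with the policy the module enforces:
 * root may trace, any other uid must be refused with EPERM.
 * Returns 1 when the observed behaviour matches that policy. */
int policy_holds(uid_t uid, int probe_result)
{
    if (uid == 0)
        return probe_result == 0;
    return probe_result == EPERM;
}

int main(void)
{
    uid_t uid = getuid();
    int rc = probe_ptrace();
    printf("uid=%u ptrace(PTRACE_TRACEME): %s\n", (unsigned)uid,
           rc == 0 ? "allowed" : strerror(rc));
    printf("anti-ptrace policy: %s\n",
           policy_holds(uid, rc) ? "in effect" : "NOT in effect");
    return 0;
}
```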
