ptrace bug: ipsec exploit makes itself suid(0)
Hello
On Fri, Mar 21, 2003 at 07:02:27PM +0700, Jean Christophe ANDRÉ wrote:
> Christian Hammers écrivait :
> > Strange, sometimes it works, sometimes it doesn't :-(
> > After one reboot, I inserted the module, and executed the expoit twice,
> > the first time it worked, then I exited the shell and then it didn't
> > worked again.
>
> Be carefull about the exploit owner/permission: it dynamically changes
> its owner/permissions to root.root/ug+s => setugid binary!
Argh, you're right, what a nasty little skript!
I Cc this to the mailing list so that others don't trap into this when
verifying whether or not their no-ptrace-module.o prevents an explotation
of the bug.
bye,
-christian-
--
"Arp! Arp!" - the mating call of the lonely packet
Reply to: