Re: PTRACE Fixed?

To: Debian Security <debian-security@lists.debian.org>
Subject: Re: PTRACE Fixed?
From: Markus Kolb <debian@tower-net.de>
Date: Sat, 22 Mar 2003 13:43:55 +0100
Message-id: <[🔎] 3E7C5A8B.9090500@tower-net.de>
References: <[🔎] 20030322014325.GA2050@zionlth.org> <[🔎] 1048320533.1197.1.camel@damocles>

Jon wrote:

[...]


Linux kmod + ptrace local root exploit by <anszom@v-lo.krakow.pl>

=> Simple mode, executing /usr/bin/id > /dev/tty
sizeof(shellcode)=95
=> Child process started..........
=> Child process started..........


[...]


Does this mean the patch I downloaded worked?



Yes.

- Jon


Mmh, well, I have a non-patched 2.4.19 and so there should be the bug.
I've tried the k3m, too.
In my environment it first told me that my kernel is attackable.

I ran k3m a 2nd and 3rd time and it has only reported the "Child processstarted..." messages and produced child process zombies.

What is that? Is k3m buggy? Very strange...

Reply to:

Follow-Ups:
- Re: PTRACE Fixed?
  - From: Jon <jon@tgpsolutions.com>

References:
- PTRACE Fixed?
  - From: Phillip Hofmeister <plhofmei@zionlth.org>
- Re: PTRACE Fixed?
  - From: Jon <jon@tgpsolutions.com>

Prev by Date: selinux newbie questions
Next by Date: Re: Ptrace patch for 2.4.x BREAKS kill() 2 interesting effects for .pid and dot locking? (was Re: Ptrace hole / Linux 2.2.25)
Previous by thread: Re: PTRACE Fixed?
Next by thread: Re: PTRACE Fixed?
Index(es):
- Date
- Thread