ptrace

Hello!

I have patched my kernel (2.4.20) with this patch:http://www.kernel.org/pub/linux/kernel/v2.4/testing/cset/cset-1.1076.txt

It compile correctly.
Now I have downloaded the km3.c and isec-ptrace-kmod-exploit.c

The km3.c doesn't write the OK! stuff, and it could run forever startingchild processes...

But the 'isec-ptrace-kmod-exploit.c' runs like this:
$ ./isec-ptrace-kmod-exploit
sh-2.05a#

So it droped me a root shell. Well it is not good I think, after thepatch...


I heard another way to stop this exploit:

The /proc/sys/kernel/modprobe contains a path for the modprobeexecutable. If I change it to /var/tmp for example, the exploit won't work.

Now this is true on most of my boxes. I didn't need to patch my kernels,because this workaround helped me.

But in one box, this isn't work either.

So, to be clear. I have box with 2.4.20 (patched) kernel, and theexploit works fine.

What should I do.

Sorry for my terrible english, I hope you understand the brief of themessage.


Daniel

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply to:

Follow-Ups:
- Re: [despammed] ptrace
  - From: Ed McMan <edmcman@despammed.com>
- Re: ptrace
  - From: Phillip Hofmeister <plhofmei@zionlth.org>
- Re: ptrace
  - From: Josh Carroll <jkc120@sbcglobal.net>