
Re: howcome there's no DSA for the latest Linux ptrace hole?



Hello

On Fri, Mar 21, 2003 at 08:52:36AM +0100, Alexander Neumann wrote:
> That seems to work only for the exploit provided by him, but not for the
> isec proof-of-concept exploit. It's a better workaround to use the npt
> module from http://www.securiteam.com/tools/5SP082K5GK.html .
> This module will restrict the use of ptrace() to root. It's not a fix,
> but a workaround!

Does it work on your computer? It seems to have no effect here.
I did "insmod -f ./npt.o" (-f because I cannot get rid of
"kernel_version=2.4.20" although I have "2.4.20-westend1-intel"),
verified it with lsmod and then tried the exploit from
	http://isec.pl/cliph/isec-ptrace-kmod-exploit.c

I also verified with a printk line that the pointer old_ptrace is in
fact the same address as "sys_ptrace" from /boot/System.map-`uname -r`.

A printk at the beginning of "no_ptrace()" seems not to get called.

bye,

-christian-

-- 
Christian Hammers             WESTEND GmbH  |  Internet-Business-Provider
Technik                       CISCO Systems Partner - Authorized Reseller
                              Lütticher Straße 10      Tel 0241/701333-11
ch@westend.com                D-52064 Aachen              Fax 0241/911879


