
Re: [d-security] Re: ptrace bug: ipsec exploit makes itself suid(0)



Hi

On Fri, Mar 21, 2003 at 03:13:23PM -0000, David Ramsden wrote:
> > On Fri, Mar 21, 2003 at 02:13:01PM -0000, David Ramsden wrote:
> > > I'd like to say that I've had no success with the no-ptrace module (NPT)
> > > (still get root and I've made sure the exploit hasn't been more than
> > > once, due to making itself suid(0)).
...
> - Loading the module with: insmod -f npt.o
>     (Have to force load the module, unfortunately)

People reported that exactly this prevents the module from working
although it seems to be loaded!
Maybe it cannot look up the symbol table correctly if you compile
it against anything other than the source of the running kernel.

Compile with: -I/usr/local/src/kernel/linux-that-I-run/include/
If you no longer have your kernel source, it is sufficient to
copy the /boot/config-2.4.20-my-kernel (or whatever) back, do
"make oldconfig && make dep && make bzImage && make modules" and
then use this tree.

bye,

-christian-
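
One way to check the condition described in the message above before building npt.o, as an added example that is not part of the original message or of the NPT module: it compares the release string a kernel tree was prepared for with the running kernel and prints the -I flag only when they match. The function names tree_release and check_tree are hypothetical, and the script assumes the 2.4-era layout in which include/linux/version.h defines UTS_RELEASE.

```shell
#!/bin/sh
# Added example (not from the original message): refuse to build a module
# against a kernel tree that does not match the running kernel, since a
# mismatched module only loads with "insmod -f".
# Assumption: 2.4-era tree where include/linux/version.h defines UTS_RELEASE.

# tree_release TREE
# Print the UTS_RELEASE string recorded in TREE, or return 1 if the
# generated header is missing.
tree_release() {
    vh="$1/include/linux/version.h"
    [ -r "$vh" ] || return 1
    sed -n 's/^#define[[:space:]]\{1,\}UTS_RELEASE[[:space:]]\{1,\}"\(.*\)".*/\1/p' "$vh" |
        head -n 1
}

# check_tree TREE [RELEASE]
# RELEASE defaults to the running kernel (uname -r).
# Returns 0 and prints the include flag when TREE matches RELEASE,
# 1 on a version mismatch, 2 when TREE has not been configured and prepared.
check_tree() {
    tree="$1"
    running="${2:-$(uname -r)}"
    [ -f "$tree/.config" ] || {
        echo "$tree: no .config (copy the config of the running kernel back first)" >&2
        return 2
    }
    built=$(tree_release "$tree") || {
        echo "$tree: include/linux/version.h missing, tree not prepared" >&2
        return 2
    }
    [ -n "$built" ] || {
        echo "$tree: UTS_RELEASE not found in version.h" >&2
        return 2
    }
    if [ "$built" != "$running" ]; then
        echo "$tree is for $built but the running kernel is $running" >&2
        return 1
    fi
    echo "-I$tree/include"
}

# Stand-alone use: sh check-tree.sh /path/to/kernel/tree
if [ "$#" -gt 0 ]; then
    check_tree "$@"
fi
```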


