
Re: [d-security] ptrace bug: ipsec exploit makes itself suid(0)



----- Original Message -----
From: "Christian Hammers" <ch@debian.org>
To: "David Ramsden" <david@hexstream.eu.org>
Cc: <debian-security@lists.debian.org>
Sent: Friday, March 21, 2003 3:20 PM
Subject: Re: [d-security] Re: ptrace bug: ipsec exploit makes itself suid(0)


[snipped]
> ...
> > - Loading the module with: insmod -f npt.o
> >     (Have to force load the module, unfortunately)
>
[snipped]
>
> Compile with: -I/usr/local/src/kernel/linux-that-I-run/include/
> If you do no longer have your kernel source it is sufficient to
> copy the /boot/config-2.4.20-my-kernel (or whatever) back, do
> "make oldconfig && make dep && make bzImage && make modules" and
> then use this tree.
>
Hi,

I now have the NPT (no-ptrace) module working.
I followed Christian's advice. I had to download the 2.2.19 kernel source
from kernel.org as I can't apt-get kernel-source-2.2.19.
I then cp'ed /boot/config-`uname -r` to /usr/src/linux and did the
following: "make oldconfig && make dep && make bzImage && make modules".
The compile failed on 'make modules' for some reason but I recompiled npt.c
using: gcc -c -I/usr/src/linux/include npt.c

I could then insmod this module fine and it has stopped the exploit from
running and is logging to /var/log/messages fine.

Thanks for your help Christian. Hope others will find this useful too!

On a side note... why doesn't Debian have its kernel source to 2.2.19 that
was used in Debian available anymore? All my servers are running Debian 3.0
(Stable) with the 2.2.19 kernel from the Debian install.

Thanks and regards,
David.
--
David Ramsden
http://portal.hexstream.eu.org/


