
Re: ptrace



If you compiled and ran the resulting binary before
upgrading your kernel, the isec-ptrace-kmod-exploit
binary may already be set[ug]id, which is a side
effect of running it. Make sure it's not +s and/or
g+s, or better yet just remove it and recompile it.

--- LeVA <leva@ecentrum.hu> wrote:
> Hello!
> 
> I have patched my kernel (2.4.20) with this patch:
> http://www.kernel.org/pub/linux/kernel/v2.4/testing/cset/cset-1.1076.txt
> It compiled correctly.
> Now I have downloaded the km3.c and
> isec-ptrace-kmod-exploit.c
> The km3.c doesn't write the OK! stuff, and it could
> run forever starting 
> child processes...
> But the 'isec-ptrace-kmod-exploit.c' runs like this:
> $ ./isec-ptrace-kmod-exploit
> sh-2.05a#
> 
> So it dropped me a root shell. Well it is not good I
> think, after the patch...
> 
> I heard another way to stop this exploit:
> 
> The /proc/sys/kernel/modprobe contains a path for
> the modprobe 
> executable. If I change it to /var/tmp for example,
> the exploit won't work.
> 
> Now this is true on most of my boxes. I didn't need
> to patch my kernels, 
> because this workaround helped me.
> But in one box, this doesn't work either.
> So, to be clear. I have a box with 2.4.20 (patched)
> kernel, and the exploit works fine.
> What should I do?
> 
> Sorry for my terrible English, I hope you understand
> the brief of the message.
> 
> Daniel
> 
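
The check the reply recommends (confirm the leftover test binary is not set[ug]id before trusting a re-test), as an added shell example that is not part of the original thread. The function names `has_setid`, `list_setid` and `strip_setid` are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example, not from the thread: audit for leftover set[ug]id files
# before re-testing a patched kernel with a previously run test binary.

# has_setid FILE: succeed if FILE is a regular file with setuid or setgid set.
has_setid() {
    [ -f "$1" ] || return 1
    [ -u "$1" ] || [ -g "$1" ]
}

# list_setid DIR: print every regular file under DIR (same filesystem only)
# that has the setuid (4000) or setgid (2000) bit set.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# strip_setid FILE: clear both bits, then verify that they are really gone.
strip_setid() {
    chmod u-s,g-s "$1" && ! has_setid "$1"
}

# When called with a directory argument, report what is found there.
[ "$#" -eq 0 ] || list_setid "$1"
```

Clearing the bits only neutralises the stale file; removing it and recompiling, as the reply suggests, is what gives a meaningful re-test.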
