Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels
Rob Weir said:
> Hmm, I'm not really sure. I've read the discussion on lkml, but a lot of
> it went over my head. I think the answer is 'yes, for this
> particular one', but the root issue here could also lead to other
> vulnerabilities. I'm still following that discussion, so I'll post if I
> ever figure it out myself.
at least in the 2.2.x series this is the case. the patch is a 6 line
patch to kernel/kmod.c which is part of CONFIG_KMOD, which cannot be
enabled if modules are disabled. I always have CONFIG_KMOD disabled
anyways since I hate the kernel trying to load things it thinks I want
it to load, so I am not vulnerable.
not sure about 2.4.x I haven't looked at the patch, but I suspect it
is probably the same..
patch for 2.2.x(diff'd against 2.2.19):
--- kernel/kmod.c Tue Mar 18 14:10:18 2003
+++ kernel/kmod.c Tue Mar 18 14:11:40 2003
@@ -155,12 +155,18 @@
atomic_dec(&kmod_concurrent);
return -ENOMEM;
}
+ {
+ int old=current->dumpable;
+ current->dumpable=0; /* block ptrace */
pid = kernel_thread(exec_modprobe, (void*) module_name, 0);
if (pid < 0) {
printk(KERN_ERR "request_module[%s]: fork failed, errno %d\n",
module_name, -pid);
atomic_dec(&kmod_concurrent);
+ current->dumpable=old;
return pid;
+ }
+ current->dumpable=old;
}
/* Block everything but SIGKILL/SIGSTOP */
nate
(haven't been following the thread been busy playing with my zaurus
for the past few days)
Reply to: