Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels

Rob Weir said:

> Hmm, I'm not really sure.  I've read the discussion on lkml, but a lot of
> it went over my head.  I think the answer is 'yes, for this
> particular one', but the root issue here could also lead to other
> vulnerabilities.  I'm still following that discussion, so I'll post if I
> ever figure it out myself.

At least in the 2.2.x series this is the case. The patch is a 6-line
patch to kernel/kmod.c, which is part of CONFIG_KMOD, which cannot be
enabled if modules are disabled. I always have CONFIG_KMOD disabled
anyways since I hate the kernel trying to load things it thinks I want
it to load, so I am not vulnerable.

Not sure about 2.4.x; I haven't looked at the patch, but I suspect it
is probably the same.

Patch for 2.2.x (diff'd against 2.2.19):
--- kernel/kmod.c	Tue Mar 18 14:10:18 2003
+++ kernel/kmod.c	Tue Mar 18 14:11:40 2003
@@ -155,12 +155,18 @@
 		return -ENOMEM;
+	{
+	int old=current->dumpable;
+	current->dumpable=0;	/* block ptrace */

 	pid = kernel_thread(exec_modprobe, (void*) module_name, 0);
 	if (pid < 0) {
 		printk(KERN_ERR "request_module[%s]: fork failed, errno %d\n",
module_name, -pid);
+		current->dumpable=old;
 		return pid;
+	}
+	current->dumpable=old;

 	/* Block everything but SIGKILL/SIGSTOP */
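
Review bot: The bare `{` opened after `return -ENOMEM;` only exists so that `int old=current->dumpable;` can be declared mid-function, and its matching close is not among the added lines: the reader has to infer that the pre-existing `}` which used to close only `if (pid < 0) {` now also ends this block, with the added `+	}` taking over the `if`. Declaring `old` with the function's other locals (or, if it is declared only here, commenting the scope it covers) would keep the brace structure obvious and avoid the easy-to-miss reuse. Secondary point: `current->dumpable=old;` is restored on both the error path and the success path; the comment `/* block ptrace */` should say what the flag protects, namely that the child created by `kernel_thread(exec_modprobe, ...)` inherits `dumpable == 0` at fork time, which is why the parent can safely restore its own value immediately after the fork returns, so that a later reader does not "simplify" the restore to a single place after the `if` and lose the error-path restore, or move it before the fork and lose the protection.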

(Haven't been following the thread; been busy playing with my Zaurus
for the past few days.)

