Bugtraq mailing list archives

Re: ptrace/execve race condition exploit (non brute-force)


From: Solar Designer <solar () OPENWALL COM>
Date: Wed, 28 Mar 2001 08:27:15 +0400

On Tue, Mar 27, 2001 at 02:05:54PM +0200, Wojciech Purczynski wrote:

> Hi,
>
> Here is an exploit for the ptrace/execve race condition bug in Linux kernels up
> to 2.2.18.

Thanks for not releasing this before Linux 2.2.19 is out.  It would
be even better if you delayed this until the vendor updates are ready
(should be very soon) like I was planning to.

> It works even on openwall patched kernels (including the broken fix in 2.2.18ow4)

Yes, the fix in 2.2.18-ow4 and 2.0.39-ow2 is insufficient -- it only
reduced the window without completely fixing the race.

I'd like to thank Rafal Wojtczuk for discovering the problem with my
original fix almost immediately after its release and reporting it to
me and the affected vendors privately.  Unfortunately, Linux 2.2.19
and the vendor updates couldn't be released until now for other valid
reasons(*) so I had to decide against releasing a 2.2.18-ow5, submit
the correct fix for 2.2.19 and wait until it's released.

Linux 2.2.19 is out.  I've released the 2.2.19-ow1 and 2.0.39-ow3
patches yesterday:

        http://www.openwall.com/linux/

Please upgrade to one of these versions.

(*) To be explained here after the vendor updates are ready.

--
/sd

