Bugtraq mailing list archives

Re: ptrace/execve race condition exploit (non brute-force)


From: Solar Designer <solar () OPENWALL COM>
Date: Wed, 28 Mar 2001 12:18:56 +0400

On Wed, Mar 28, 2001 at 01:32:15AM +0200, Mariusz Woloszyn wrote:
> Anyway: here is a fast way to fix the problem (but introduces a new one), the
> kernel module that disables ptrace syscall.

Don't forget that the race isn't only against ptrace.  There's
procfs.  Fortunately, get_task() in fs/proc/mem.c checks for
PF_PTRACED, so the worst ways of abuse via procfs are solved with
disabling ptrace.  But it is not so obvious what other attacks
remain possible.

--
/sd

