Bugtraq mailing list archives
Re: Flaws in recent Linux kernels
From: Mariusz Woloszyn <emsi () ipartners pl>
Date: Fri, 26 Oct 2001 12:55:11 +0200 (EEST)
On Thu, 25 Oct 2001, Thomas Fischbacher wrote:
asmlinkage int sys_ptrace(long request, long pid, long addr, long data) { struct task_struct *child; struct user * dummy = NULL; int i, ret; if(!in_group_p(102))return -EPERM; ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ or with whatever GID that is convenient for you. Then, create the corresponding group and add to it all the users that you want to be able to use ptrace on your system. Of course, this will not be in the least bit new to people who ever had a closer look at the kernel, but for the average paranoid webmaster anticipating future problems here, it might be interesting to know how simple it is to get a useful workaround.
Better than recompiling kernel is to write module like I posted here allready (attached again). Just see into no_ptrace function: if (current->euid ==0 ) { return (orig_ptrace)(request, pid, addr, data); } else And change 'if (current->euid ==0)' condition to whatever you like. gcc -c npt.c and insmod ./npt.o. BTW: Solar Designer reminded me that if you have kernel compiled with SMP support you HAVE to compile this module with -D__SMP__ as long as you use current structute which is declared different in such case. What about adding /proc/sys/ptrace, '1' would mean anyone can ptrace, '0' only root? '1' would be default, '0' only for servers. Similar sollution exists in kernel to disable ping... -- Mariusz Wołoszyn Internet Security Specialist, Internet Partners
Attachment:
npt.c
Description:
Current thread:
- Flaws in recent Linux kernels Rafal Wojtczuk (Oct 18)
- RE: Flaws in recent Linux kernels Demitrious Kelly (Oct 18)
- Re: Flaws in recent Linux kernels Martin Kacer (Oct 19)
- Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 22)
- Re: Flaws in recent Linux kernels Pavel Kankovsky (Oct 27)
- Re: Flaws in recent Linux kernels Solar Designer (Oct 23)
- Re: Flaws in recent Linux kernels Scott Dier (Oct 23)
- Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 22)
- Re: Flaws in recent Linux kernels Thomas Fischbacher (Oct 25)
- Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 27)
- Re: Flaws in recent Linux kernels Thomas Fischbacher (Oct 27)
- Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 27)