Old exploit which works on kernels up to 2.2.18 (it doesn't work on 2.2.19)
works on 2.4.9!!
I attach that exploit.
Erm. Doesn't work. Just creates a non-root shell with a bad
environment. It says "Bug exploited successfully", but it's
simply confused.
Script started on Tue Oct 9 16:07:45 2001
$ whoami
rjohnson
$ gcc -o xxx c.c
$ ./xxx
Bug exploited successfully.
bash$ vi /etc/passwd
This termcap entry lacks the :cm=: capability
This termcap entry lacks the :ce=: capability
"/etc/passwd" [READONLY] 32 lines, 1594 chars
:1
root:Deleted:0:0:System Administration:/root:/bin/bash
:w!
Can't write to "/etc/passwd" -- NOT WRITTEN
:q
bash$ exit
exit
$ exit
exit
Script done on Tue Oct 9 16:08:54 2001
On Tue, 9 Oct 2001, Kitwor wrote:
> Old exploit which works on kernels up to 2.2.18 (it doesn't work on 2.2.19)
> works on 2.4.9!!
> I attach that exploit.
>
Cheers,
Dick Johnson
Penguin : Linux version 2.4.1 on an i686 machine (799.53 BogoMips).
I was going to compile a list of innovations that could be
attributed to Microsoft. Once I realized that Ctrl-Alt-Del
was handled in the BIOS, I found that there aren't any.
I made the same test but it just locked the xterm.
Fabbione
"Richard B. Johnson" wrote:
>
> Erm. Doesn't work. Just creates a non-root shell with a bad
> environment. It says "Bug exploited successfully", but it's
> simply confused.
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
--
Debian GNU/Linux Unstable Kernel 2.4.9
fabbione on irc.atdot.it #coredump #kchat | [email protected]
On Tue, 9 Oct 2001, Fabbione wrote:
> I made the same test but it just locked the xterm.
>
> Fabbione
Yup. No exploit. Every time I see a 'c' file with ^M at
the end of each line, it should set a red flag. It's
a troll.
Cheers,
Dick Johnson
Penguin : Linux version 2.4.1 on an i686 machine (799.53 BogoMips).
I was going to compile a list of innovations that could be
attributed to Microsoft. Once I realized that Ctrl-Alt-Del
was handled in the BIOS, I found that there aren't any.
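The red-flag heuristic in the message above, made mechanical. This is an added example and not code from the thread: it counts the line-ending styles in a byte buffer so that a source attachment can be inspected before anyone compiles it. The two sample buffers are constructed here, and the names `line_ending_report`, `has_dos_line_endings` and `check_file` are this example's own, not anything from the list.

```python
import sys


def line_ending_report(data: bytes) -> dict:
    """Count the line-ending styles in a byte buffer.

    CRLF (\\r\\n) is the DOS/Windows style that shows up as ^M at the end
    of each line in a Unix editor; a bare CR is counted separately because
    it is neither a DOS nor a Unix line ending.
    """
    crlf = data.count(b"\r\n")
    return {
        "crlf": crlf,
        "lf": data.count(b"\n") - crlf,       # LF not preceded by CR
        "bare_cr": data.count(b"\r") - crlf,  # CR not followed by LF
    }


def has_dos_line_endings(data: bytes) -> bool:
    """True if any line in the buffer is CRLF-terminated."""
    return line_ending_report(data)["crlf"] > 0


def check_file(path: str) -> str:
    """Read one file and return a one-line verdict (hypothetical CLI helper)."""
    with open(path, "rb") as fh:
        rep = line_ending_report(fh.read())
    flag = "RED FLAG: DOS line endings" if rep["crlf"] else "ok"
    return (f"{path}: {flag} "
            f"(crlf={rep['crlf']} lf={rep['lf']} bare_cr={rep['bare_cr']})")


# Constructed samples: the same six-line program with DOS and Unix endings.
SAMPLE_DOS = (
    b"#include <stdio.h>\r\n"
    b"int main(void)\r\n"
    b"{\r\n"
    b'    puts("Bug exploited successfully.");\r\n'
    b"    return 0;\r\n"
    b"}\r\n"
)
SAMPLE_UNIX = SAMPLE_DOS.replace(b"\r\n", b"\n")


if __name__ == "__main__":
    # Usage: python check_line_endings.py c.c other.c ...
    for p in sys.argv[1:]:
        print(check_file(p))
```

The counts are taken on raw bytes rather than on decoded text so that a file with a broken or mixed encoding still gets an answer; a file that mixes styles is reported with all three counters non-zero rather than collapsed to a single verdict.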
> Old exploit which works on kernels up to 2.2.18 (it doesn't work on 2.2.19)
> works on 2.4.9!!
> I attach that exploit.
> [snip]
> if (check_execve(victim, filename))
>     goto exit;
>
> (void)waitpid(victim, NULL, WUNTRACED);
> if (ptrace(PTRACE_CONT, victim, 0, 0)) {
It doesn't work, only the behaviour changed:
Linux now ignores the setuid bit if you try to ptrace a setuid app (idea from FreeBSD).
Up to 2.2.18 [and 2.4.0-pre?], it tried to return an error message if you try to ptrace a setuid app, and there was a race window between the test (must be early, since it tries to return an error code) and the actual uid change. I haven't checked how it was fixed in 2.2.19.
--
Manfred
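A model of the two orderings Manfred describes, added here as an illustration; it is not kernel code and it is not from the thread. `exec_old_policy` places the "is the process traced?" test early and changes the uid later, so an attach that lands between the two steps is never seen; `exec_new_policy` makes the decision at the moment the credentials would change and simply declines the setuid bit if the process is traced. `Proc`, the attach points and the uid values are constructed for this example; the model deliberately covers only the timings the message mentions.

```python
from dataclasses import dataclass


@dataclass
class Proc:
    """Minimal model of a process executing a setuid-root binary."""
    uid: int             # effective uid the process ends up with
    traced: bool = False


SETUID_ROOT = 0
UNPRIV = 1000

# When a tracer attaches, relative to the kernel's setuid handling.
# "after the uid change" is not modelled: the message says nothing about it.
ATTACH_POINTS = ("never", "before_check", "in_window")


def exec_old_policy(p: Proc, attach_at: str) -> int:
    """Pre-2.2.19 ordering as described: the traced check runs early so an
    error code can be returned, and the uid change happens later.  Anything
    that attaches between the two steps is missed."""
    if attach_at == "before_check":
        p.traced = True
    if p.traced:
        return p.uid             # refused: binary runs without setuid
    # --- race window: the check is already behind us ---
    if attach_at == "in_window":
        p.traced = True
    p.uid = SETUID_ROOT          # credentials change regardless of tracing
    return p.uid


def exec_new_policy(p: Proc, attach_at: str) -> int:
    """Later ordering (the idea taken from FreeBSD): no early refusal; at the
    moment the credentials would change, the setuid bit is ignored if the
    process is traced.  Test and action are one step, so there is no gap."""
    if attach_at in ("before_check", "in_window"):
        p.traced = True          # either way, attached before the decision
    if not p.traced:
        p.uid = SETUID_ROOT
    return p.uid


def traced_and_root(policy) -> list:
    """Attach timings for which the policy leaves a traced process running
    with uid 0, i.e. a debugger in control of a root process."""
    bad = []
    for when in ATTACH_POINTS:
        p = Proc(uid=UNPRIV)
        policy(p, when)
        if p.traced and p.uid == SETUID_ROOT:
            bad.append(when)
    return bad


if __name__ == "__main__":
    print("old policy loses at:", traced_and_root(exec_old_policy))  # ['in_window']
    print("new policy loses at:", traced_and_root(exec_new_policy))  # []
```

The point the model makes is the general one behind the fix: a check that runs before the privileged action leaves a window in which the state it examined can change, while a check taken at the action itself cannot be raced. Under the old ordering the only losing timing is the window between test and uid change; under the new ordering no timing leaves a traced process with root credentials, and an untraced exec still gets them.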