Hi! I applied Alan Cox's patches for ptrace bug. But system is still
exploitable.
I used my own kernel-2.4.19 with patch for 2.4.19 kernel. It does not
helped. Then I took vanilla 2.4.20 kernel from http://www.kernel.org and applied
patch for 2.4.20 kernel. System is still exploitable.
Cheers,YP
-
Mr. Yaroslav Popovitch [email protected] - tel. +372 6419975
SOT Finnish Software Engineering Ltd. - fax +372 6419975
Kreutzwaldi 7-4, 10124 TALLINN - http://www.sot.com
ESTONIA - http://sotlinux.net
On Thu, Mar 20, 2003 at 09:23:28PM +0200, Yaroslav Popovitch wrote:
> Hi! I applied Alan Cox's patches for ptrace bug. But system is still
> exploitable.
>
> I used my own kernel-2.4.19 with patch for 2.4.19 kernel. It does not
> helped. Then I took vanilla 2.4.20 kernel from http://www.kernel.org and applied
> patch for 2.4.20 kernel. System is still exploitable.
Can you verify that you are clearing the setuid bit that gets set, when
the exploit is run? IIRC, you must manually do that to verify that your
system is indeed no longer exploitable.
Jeff
On Thu, 20 Mar 2003, Jeff Garzik wrote:
> On Thu, Mar 20, 2003 at 09:23:28PM +0200, Yaroslav Popovitch wrote:
> > Hi! I applied Alan Cox's patches for ptrace bug. But system is still
> > exploitable.
> >
> > I used my own kernel-2.4.19 with patch for 2.4.19 kernel. It does not
> > helped. Then I took vanilla 2.4.20 kernel from http://www.kernel.org and applied
> > patch for 2.4.20 kernel. System is still exploitable.
>
> Can you verify that you are clearing the setuid bit that gets set, when
> the exploit is run? IIRC, you must manually do that to verify that your
> system is indeed no longer exploitable.
>
> Jeff
>
Thanks, it helped ;). I did not delete and recompiled exploit from
previous attempts, so it had SUID flag set. Thx.
Sry for panic ...
Cheers,YP
>
>
>
-
Mr. Yaroslav Popovitch [email protected] - tel. +372 6419975
SOT Finnish Software Engineering Ltd. - fax +372 6419975
Kreutzwaldi 7-4, 10124 TALLINN - http://www.sot.com
ESTONIA - http://sotlinux.net