Re: URGENT: Bug in ptrace()

[Luca Venturini <luca@yepa.com>]

Hi all,

I patched it for kernel 2.2.12 and 2.2.19:

just replace

                if ((!child->dumpable ||
                    (current->uid != child->euid) ||
                    (current->uid != child->suid) ||
                    (current->uid != child->uid) ||
                    (current->gid != child->egid) ||
                    (current->gid != child->sgid) ||

with

                if ((!child->dumpable ||
                    (child->suid == 0) ||
                    (current->uid != child->euid) ||
                    (current->uid != child->suid) ||
                    (current->uid != child->uid) ||
                    (current->gid != child->egid) ||
                    (current->gid != child->sgid) ||

in /usr/src/linux/arch/i386/kernel/ptrace.c

This way nobody can "ATTACH" with ptrace a setuited task.

I do not know if this can be useful. Maybe the gurus in
the list can say something about it.

Is it even useful for new kernels?

Thanks.

Luca Venturini
Yepa S.r.l.

"mazzaro@inwind.it" wrote:
> 
> Hi all,
> 
> The exploit found on http://www.securiteam.com/exploits/5NP061P4AW.html
> 
> Still works on the latest 2.2 that's to say (I Think), 2.2.19
> 
> How can it be?
> 
> There are still a lot of machines on the net which use that ker.
> 
> Thank you for your attenction...
> 
> P.S.
> The exploit works even on the latest kernel (of the 2.2 series, off course), found on
> ftp://updates.redhat.com/6.2/en/
> 
> P.P.S.
> I'm trying to follow the ML, but the traffic is too high for me...:-(
> So, if you can... could you answer to my address?
> 
> Thank you,
> 
> Silvio Mazzaro