Hello On Fri, Mar 21, 2003 at 08:52:36AM +0100, Alexander Neumann wrote: > That seems to work only for the exploit provided by him, but not for the > isec proof-of-concept exploit. It's a better workaround to use the npt > module from http://www.securiteam.com/tools/5SP082K5GK.html . > This module will restrict the use of ptrace() to root. It's not a fix, > but a workaround!
Does it work on your computer? It seems to have no effect here. I did "insmod -f ./npt.o" (-f because I cannot get rid of "kernel_version=2.4.20" although I have "2.4.20-westend1-intel"), verified it with lsmod and then tried the exploit from http://isec.pl/cliph/isec-ptrace-kmod-exploit.c I also verified with a printk line that the pointer old_ptrace is in fact the same address as "sys_ptrace" from /boot/System.map-`uname -r`. A printk at the beginning of "no_ptrace()" seems not to get called. bye, -christian- -- Christian Hammers WESTEND GmbH | Internet-Business-Provider Technik CISCO Systems Partner - Authorized Reseller Lütticher Straße 10 Tel 0241/701333-11 [EMAIL PROTECTED] D-52064 Aachen Fax 0241/911879