Hello
On Fri, Mar 21, 2003 at 08:52:36AM +0100, Alexander Neumann wrote:
> That seems to work only for the exploit provided by him, but not for the
> isec proof-of-concept exploit. It's a better workaround to use the npt
> module from http://www.securiteam.com/tools/5SP082K5GK.html .
> This module will restrict the use of ptrace() to root. It's not a fix,
> but a workaround!
Does it work on your computer? It seems to have no effect here.
I did "insmod -f ./npt.o" (-f because I cannot get rid of
"kernel_version=2.4.20" although I have "2.4.20-westend1-intel"),
verified it with lsmod and then tried the exploit from
http://isec.pl/cliph/isec-ptrace-kmod-exploit.c
I also verified with a printk line that the pointer old_ptrace is in
fact the same address as "sys_ptrace" from /boot/System.map-`uname -r`.
A printk at the beginning of "no_ptrace()" seems not to get called.
bye,
-christian-
--
Christian Hammers WESTEND GmbH | Internet-Business-Provider
Technik CISCO Systems Partner - Authorized Reseller
Lütticher Straße 10 Tel 0241/701333-11
[EMAIL PROTECTED] D-52064 Aachen Fax 0241/911879
