----- Original Message ----- From: "Christian Hammers" <[EMAIL PROTECTED]> To: "David Ramsden" <[EMAIL PROTECTED]> Cc: <debian-security@lists.debian.org> Sent: Friday, March 21, 2003 3:20 PM Subject: Re: [d-security] Re: ptrace bug: ipsec exploit makes itself suid(0)
[snipped] > ... > > - Loading the module with with: insmod -f npt.o > > (Have to force load the module, unfortunatly) > [snipped] > > Compile with: -I/usr/local/src/kernel/linux-that-I-run/include/ > If you do no longer have your kernel source it is sufficient to > copy the /boot/config-2.4.20-my-kernel (or whatever) back, do > "make oldconfig && make dep && make bzImage && make modules" and > then use this tree. > Hi, I now have the NPT (no-ptrace) module working. I followed Christian's advice. I had to download the 2.2.19 kernel source from kernel.org as I can't apt-get kernel-source-2.2.19. I then cp'ed /boot/config-`uname -r` to /usr/src/linux and did the following: "make oldconfig && make dep && make bzImage && make modules". The compile failed on 'make modules' for some reason but I recompile npt.c using: gcc -c I/usr/src/linux/include npt.c I could then insmod this module fine and it has stopped the exploit from running and is logging to /var/log/messages fine. Thanks for your help Christian. Hope others will find this useful too! On a side note... why doesn't Debian have it's kernel source to 2.2.19 that was used in Debian available anymore? All my servers are running Debian 3.0 (Stable) with the 2.2.19 kernel from the Debian install. Thanks and regards, David. -- David Ramsden http://portal.hexstream.eu.org/