Re: Kernel 2.4.21-rc2 still vulnerable or am I doing something wrong?

2003-05-13 Thread Keegan Quinn
On Tuesday 13 May 2003 06:11 am, Peter Holm wrote:
> Did I do something wrong? Or is this exploit, if not for a root shell,
> still good for a local DOS?

Yes, any user on any system may use all of the available CPU time unless the 
administrator has placed limits on them doing so.  Presumably the exploit is 
trying to do what it does, over and over, continually failing.  Any software 
could do any pointless calculation or operation over and over for the same 
effect.

 - Keegan



Kernel 2.4.21-rc2 still vulnerable or am I doing something wrong?

2003-05-13 Thread Peter Holm
Hi,

sorry for being so penetrating about this issue.

I have some really obscure thing here. 

I downloaded

http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.20.tar.bz2
http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.21-rc2.bz2

to get rid of that ptrace bug. OK, I compiled it using make-kpkg; I
tried it several times, and also WITHOUT module support, but look what
happens (I post the compile process; maybe I did something wrong, as I
am not such an expert on these things):

cd /usr/src/
tar --bzip2 -xvf linux-2.4.20.tar.bz2
bzip2 -dc patch-2.4.21-rc2.bz2 | patch -p0
cd /usr/src/kernel...
make-kpkg clean
make menuconfig
make-kpkg clean
fakeroot make-kpkg --append_to_version -X-01 \
 --revision=rev.01 kernel_image
dpkg -i kernel-image-2.4.21-X-01_rev.01_i386.deb

shutdown -r now.

OK, I log in as root, just to check the system:
uname -r
2.4.21-rc2-X-01
woody:~# /sbin/lsmod
Module                  Size  Used by    Not tainted
lsmod: QM_MODULES: Function not implemented

OK, I disabled modules in the kernel...
then I log in as some user...

[EMAIL PROTECTED]:~$ id
uid=999(xxx) gid=999(xxx) groups=999(xxx)
[EMAIL PROTECTED]:~$

[EMAIL PROTECTED]:~$ cd /new/ptrace/isec-ptrace-kmod-exploit
[-] Fatal error: Unknown error 125
Killed

OK, looks good. But immediately after this the system gets eaten up by
the process started by this exploit, which is using 99% CPU.

Did I do something wrong? Or is this exploit, if not for a root shell,
still good for a local DOS?




Have a nice thread,
Peter



Re: ptrace fix in 2.4

2003-05-13 Thread Peter Holm
Hi,

first let me thank you very much for answering my question! It's just
the special ptrace-bug situation that makes me dive deeper into these
things I usually do not touch, so I am really happy with someone
giving me some hints!

>However, it seems easier to start from the other direction:
>download a vanilla -rc2 and merge the individual Debian-specific
>patches with it (after you've checked it hasn't been applied by
>kernel maintainers).

I tried it with a vanilla kernel, which seems to work (for now, see my
next msg for a really obscure thing), but it would be interesting to
have an overview of all the debian specific kernel patches. I read
about that in readme.debian in the kernel source top level dir. 

Question: where can I get patchfiles for these changes? 



Have a nice thread,
Peter



Re: ptrace fix in 2.4

2003-05-13 Thread Adam ENDRODI
On Mon, May 12, 2003 at 03:10:05AM +0200, Peter Holm wrote:
> On Fri, 09 May 2003 14:10:05 +0200, in linux.debian.security you
> wrote:
> 
> >Yesterday Bernhard Kaindl committed a cleanup patch addressing
> >numerous problems encountered with the original ptrace fix.
> >Now it should be in -rc2.  For more information and diffs, see
> 
> Could please someone instruct me, what to do now? I see there is a
> 2.4.21-rc2 at kernel.org, I have to patch this against an 2.4.20
> kernel, ok, but can I use a debian package of the 2.4.20 source or
> will this mess up? 

You can give it a try, if you insist on having the Debian
modifications.  I suppose, with careful manual merging, it's
possible to get a working mule kernel.

However, it seems easier to start from the other direction:
download a vanilla -rc2 and merge the individual Debian-specific
patches with it (after you've checked it hasn't been applied by
kernel maintainers).

bit,
adam

-- 
1024D/37B8D989 954B 998A E5F5 BA2A 3622  82DD 54C2 843D 37B8 D989  
finger://[EMAIL PROTECTED] | Some days, my soul's confined
http://www.keyserver.net | And out of mind
Sleep forever