anti-ptrace

2003-04-01 Thread Steve Meyer
Has anyone else besides me tried this anti-ptrace script?  I downloaded it 
from packetstormsecurity.com, ran it and loaded the module, and it works like 
a charm.  If anyone besides root tries to use ptrace, it echoes that event to 
the root terminal and denies it.  Well, here is a copy of the script:

 #!/bin/sh
# MAKE ME EXECUTABLE !!!
#
# [EMAIL PROTECTED]:/home/sacrine/TEST# chmod +x anti-ptrace
# [EMAIL PROTECTED]:/home/sacrine/TEST# ./anti-ptrace
#  [+] making anti-ptrace.c: OK
#  [+] compiling the script: OK
#  [+] loading the module  : OK
#
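# The progress text is quoted: an unquoted [+] is a glob pattern and would be
# replaced by a file named "+" if one exists in the current directory.
echo -n " [+] making anti-ptrace.c: "
# Write everything up to the closing NETRIC line into anti-ptrace.c.  The
# delimiter is quoted so the shell copies the C source verbatim instead of
# expanding $, backquotes or backslashes inside it.
# NOTE(review): the archive stripped the redirection operators from this line;
# "> file << DELIM" is the reconstruction -- confirm against the upstream copy.
cat > anti-ptrace.c << 'NETRIC'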
/*
* Emergency workaround for the ptrace race vuln
* (original Dutch: "Noodoplossing voor de ptrace race vuln")
* anti-ptrace.c by sacrine
* netric.org
*/
#define __KERNEL__
#define MODULE
#define LINUX
#include linux/module.h
#include linux/kernel.h
#include linux/types.h
#include linux/version.h
#include linux/slab.h
#include linux/sched.h
#include linux/fs.h
#include linux/ctype.h
#include linux/tty.h
#include sys/syscall.h
#include linux/ptrace.h

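/*
 * Saved pointer to the kernel's original ptrace handler; filled in by
 * init_module() and written back by cleanup_module().
 *
 * NOTE(review): the posted declaration took three arguments
 * (pid, addr, data), but the ptrace system call carries four
 * (request, pid, addr, data).  Confirm the prototype against sys_ptrace()
 * in the target kernel's architecture code before building.
 */
asmlinkage long (*o_ptrace)(long request, long pid, long addr, long data);

/*
 * System-call dispatch table of the running kernel.
 * NOTE(review): the module only links where sys_call_table is visible to
 * modules; later kernels stopped exporting it -- confirm for the target.
 */
extern void *sys_call_table[];

/*
 * Replacement ptrace handler installed in the SYS_ptrace slot.
 *
 * Callers whose uid is 0 are passed straight through to the original
 * handler; every other caller is logged and refused.
 *
 * The posted version declared (pid, uid, addr, data) and forwarded only
 * three values, so the request code arrived in "pid" and the root
 * pass-through handed shifted arguments to the original handler.  The
 * parameter list below mirrors the four values the system call carries.
 *
 * Returns the original handler's result for root, -EPERM otherwise.
 */
asmlinkage int anti_ptrace(long request, long pid, long addr, long data)
{
  /*
   * Only the real uid is tested; effective uid and capabilities are not
   * consulted, so ordinary users lose debuggers and tracers entirely.
   */
  if (current->uid == 0) {
    return o_ptrace(request, pid, addr, data);
  }

  /*
   * NOTE(review): any local user can trigger both messages at will, so
   * the kernel log and console can be flooded; consider rate limiting.
   */
  printk("warning: ptrace(); violation\n"
         "pid=[%i] uid=[%i]\n",
         current->pid,
         current->uid);

  console_print("warning: non-root users are not allowed to use ptrace();\n");

  /*
   * System-call handlers report failure as a negative errno.  The posted
   * code returned positive EPERM, which user space does not see as an
   * error.
   */
  return -EPERM;
}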

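/*
 * Module entry point: remember the kernel's ptrace handler, then point the
 * SYS_ptrace slot of the system-call table at anti_ptrace().
 *
 * Returns 0 unconditionally, so the load is always reported as successful.
 */
int init_module(void)
{
  /* Save before replacing, so the hook never runs with o_ptrace unset. */
  o_ptrace = sys_call_table[SYS_ptrace];

  /*
   * NOTE(review): this is a plain store with no locking, and nothing checks
   * whether the slot already holds someone else's hook.
   */
  sys_call_table[SYS_ptrace] = anti_ptrace;

  /* current is the task running the module load, hence the pid printed. */
  printk("anti-ptrace kernel module loaded with pid=[%i]\n",
         current->pid);

  return 0;
}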
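/*
 * Module exit point: put the saved ptrace handler back into the
 * system-call table and log the unload.
 */
void cleanup_module(void)
{
  /*
   * The restore is unconditional: whatever was written to the slot after
   * this module loaded is overwritten with the pointer saved at load time.
   * NOTE(review): nothing here waits for callers that may still be inside
   * anti_ptrace() -- confirm unloading is safe on a busy system.
   */
  sys_call_table[SYS_ptrace] = o_ptrace;

  printk("anti-ptrace kernel module ended with pid=[%i]\n",
         current->pid);
}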
NETRIC
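# Reports completion of the step that wrote anti-ptrace.c.
echo OK;

# Progress text is quoted: an unquoted [+] is a glob pattern and would be
# replaced by a file named "+" if one exists in the current directory.
echo -n " [+] compiling the script: ";
# Stop on a failed build.  Printing OK regardless would leave the admin
# believing the protection is in place when no module was produced.
if gcc -c anti-ptrace.c -I"/lib/modules/$(uname -r)/build/include"; then
  echo OK;
else
  echo FAILED;
  exit 1;
fi

echo -n " [+] loading the module  : ";
# Same reasoning for the load: insmod's exit status decides OK or FAILED.
# NOTE(review): the archive stripped the redirection operator on this line;
# "> /dev/null" is the reconstruction -- confirm against the upstream copy.
if /sbin/insmod anti-ptrace.o > /dev/null; then
  echo OK;
else
  echo FAILED;
  exit 1;
fi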
# sacrine [Netric Security]





anti-ptrace

2003-04-01 Thread Steve Meyer
Has anyone else besides me tried this anti-ptrace script?  I downloaded it 
from packetstormsecurity.com, ran it and loaded the module, and it works like 
a charm.  If anyone besides root tries to use ptrace, it echoes that event to 
the root terminal and denies it.  Well, here is a copy of the script:


 #!/bin/sh
# MAKE ME EXECUTABLE !!!
#
# [EMAIL PROTECTED]:/home/sacrine/TEST# chmod +x anti-ptrace
# [EMAIL PROTECTED]:/home/sacrine/TEST# ./anti-ptrace
#  [+] making anti-ptrace.c: OK
#  [+] compiling the script: OK
#  [+] loading the module  : OK
#


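# The progress text is quoted: an unquoted [+] is a glob pattern and would be
# replaced by a file named "+" if one exists in the current directory.
echo -n " [+] making anti-ptrace.c: "
# Write everything up to the closing NETRIC line into anti-ptrace.c.  The
# delimiter is quoted so the shell copies the C source verbatim instead of
# expanding $, backquotes or backslashes inside it.
# NOTE(review): the archive stripped the redirection operators from this line;
# "> file << DELIM" is the reconstruction -- confirm against the upstream copy.
cat > anti-ptrace.c << 'NETRIC'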

/*
* Emergency workaround for the ptrace race vuln
* (original Dutch: "Noodoplossing voor de ptrace race vuln")
* anti-ptrace.c by sacrine
* netric.org
*/

#define __KERNEL__
#define MODULE
#define LINUX

#include linux/module.h
#include linux/kernel.h
#include linux/types.h
#include linux/version.h
#include linux/slab.h
#include linux/sched.h
#include linux/fs.h
#include linux/ctype.h
#include linux/tty.h
#include sys/syscall.h

#include linux/ptrace.h

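/*
 * Saved pointer to the kernel's original ptrace handler; filled in by
 * init_module() and written back by cleanup_module().
 *
 * NOTE(review): the posted declaration took three arguments
 * (pid, addr, data), but the ptrace system call carries four
 * (request, pid, addr, data).  Confirm the prototype against sys_ptrace()
 * in the target kernel's architecture code before building.
 */
asmlinkage long (*o_ptrace)(long request, long pid, long addr, long data);

/*
 * System-call dispatch table of the running kernel.
 * NOTE(review): the module only links where sys_call_table is visible to
 * modules; later kernels stopped exporting it -- confirm for the target.
 */
extern void *sys_call_table[];

/*
 * Replacement ptrace handler installed in the SYS_ptrace slot.
 *
 * Callers whose uid is 0 are passed straight through to the original
 * handler; every other caller is logged and refused.
 *
 * The posted version declared (pid, uid, addr, data) and forwarded only
 * three values, so the request code arrived in "pid" and the root
 * pass-through handed shifted arguments to the original handler.  The
 * parameter list below mirrors the four values the system call carries.
 *
 * Returns the original handler's result for root, -EPERM otherwise.
 */
asmlinkage int anti_ptrace(long request, long pid, long addr, long data)
{
  /*
   * Only the real uid is tested; effective uid and capabilities are not
   * consulted, so ordinary users lose debuggers and tracers entirely.
   */
  if (current->uid == 0) {
    return o_ptrace(request, pid, addr, data);
  }

  /*
   * NOTE(review): any local user can trigger both messages at will, so
   * the kernel log and console can be flooded; consider rate limiting.
   */
  printk("warning: ptrace(); violation\n"
         "pid=[%i] uid=[%i]\n",
         current->pid,
         current->uid);

  console_print("warning: non-root users are not allowed to use ptrace();\n");

  /*
   * System-call handlers report failure as a negative errno.  The posted
   * code returned positive EPERM, which user space does not see as an
   * error.
   */
  return -EPERM;
}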

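/*
 * Module entry point: remember the kernel's ptrace handler, then point the
 * SYS_ptrace slot of the system-call table at anti_ptrace().
 *
 * Returns 0 unconditionally, so the load is always reported as successful.
 */
int init_module(void)
{
  /* Save before replacing, so the hook never runs with o_ptrace unset. */
  o_ptrace = sys_call_table[SYS_ptrace];

  /*
   * NOTE(review): this is a plain store with no locking, and nothing checks
   * whether the slot already holds someone else's hook.
   */
  sys_call_table[SYS_ptrace] = anti_ptrace;

  /* current is the task running the module load, hence the pid printed. */
  printk("anti-ptrace kernel module loaded with pid=[%i]\n",
         current->pid);

  return 0;
}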

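/*
 * Module exit point: put the saved ptrace handler back into the
 * system-call table and log the unload.
 */
void cleanup_module(void)
{
  /*
   * The restore is unconditional: whatever was written to the slot after
   * this module loaded is overwritten with the pointer saved at load time.
   * NOTE(review): nothing here waits for callers that may still be inside
   * anti_ptrace() -- confirm unloading is safe on a busy system.
   */
  sys_call_table[SYS_ptrace] = o_ptrace;

  printk("anti-ptrace kernel module ended with pid=[%i]\n",
         current->pid);
}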

NETRIC
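# Reports completion of the step that wrote anti-ptrace.c.
echo OK;

# Progress text is quoted: an unquoted [+] is a glob pattern and would be
# replaced by a file named "+" if one exists in the current directory.
echo -n " [+] compiling the script: ";
# Stop on a failed build.  Printing OK regardless would leave the admin
# believing the protection is in place when no module was produced.
if gcc -c anti-ptrace.c -I"/lib/modules/$(uname -r)/build/include"; then
  echo OK;
else
  echo FAILED;
  exit 1;
fi

echo -n " [+] loading the module  : ";
# Same reasoning for the load: insmod's exit status decides OK or FAILED.
# NOTE(review): the archive stripped the redirection operator on this line;
# "> /dev/null" is the reconstruction -- confirm against the upstream copy.
if /sbin/insmod anti-ptrace.o > /dev/null; then
  echo OK;
else
  echo FAILED;
  exit 1;
fi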

# sacrine [Netric Security]



