From: Thomas Sattler (tsattler_at_gmx.de)
Date: Mon 24 Mar 2003 - 12:30:32 GMT

• Previous message: Jan Zuchhold: "Re: [vserver] Linux kmod/ptrace bug!"
• In reply to: Jan Zuchhold: "Re: [vserver] Linux kmod/ptrace bug!"
• Next in thread: Warren Togami: "Re: [vserver] Linux kmod/ptrace bug!"

Hi there ...

> > >From what I hear, a
> >
> > echo "/bin/false" > /proc/sys/kernel/modprobe
> >
> > should also fix the bug. Can anyone confirm?
>
> Nope, that fix does not work:

You should read more carefully: [1]

| It's a local root vulnerability. It's exploitable only if:
| 1. the kernel is built with modules and kernel module
| loader enabled and
| 2. /proc/sys/kernel/modprobe contains the path to some
| valid executable and
| 3. ptrace() calls are not blocked

AFAIK "/bin/false" is a *valid* executable. :-)
Try "/a/b/c", but I think using (3) is a better idea:
(http://www.hackinglinuxexposed.com/tools/p/noptrace.c.html)

Thomas

[1] taken from http://www.securityfocus.com/archive/1/315635

• Previous message: Jan Zuchhold: "Re: [vserver] Linux kmod/ptrace bug!"
• In reply to: Jan Zuchhold: "Re: [vserver] Linux kmod/ptrace bug!"
• Next in thread: Warren Togami: "Re: [vserver] Linux kmod/ptrace bug!"