About this list Date view Thread view Subject view Author view Attachment view

From: Thomas Sattler (tsattler_at_gmx.de)
Date: Mon 24 Mar 2003 - 12:30:32 GMT


Hi there ...

> > >From what I hear, a
> >
> > echo "/bin/false" > /proc/sys/kernel/modprobe
> >
> > should also fix the bug. Can anyone confirm?
>
> Nope, that fix does not work:

You should read more carefully: [1]

| It's a local root vulnerability. It's exploitable only if:
| 1. the kernel is built with modules and kernel module
| loader enabled and
| 2. /proc/sys/kernel/modprobe contains the path to some
| valid executable and
| 3. ptrace() calls are not blocked

AFAIK "/bin/false" is a *valid* executable. :-)
Try "/a/b/c", but I think using (3) is a better idea:
(http://www.hackinglinuxexposed.com/tools/p/noptrace.c.html)

Thomas

[1] taken from http://www.securityfocus.com/archive/1/315635


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Mon 24 Mar 2003 - 12:54:57 GMT by hypermail 2.1.3