Bugtraq mailing list archives
Re: ptrace/execve race condition exploit (non brute-force)
From: Solar Designer <solar () OPENWALL COM>
Date: Wed, 28 Mar 2001 08:27:15 +0400
On Tue, Mar 27, 2001 at 02:05:54PM +0200, Wojciech Purczynski wrote:

> Hi,
>
> Here is exploit for ptrace/execve race condition bug in Linux kernels up to 2.2.18.

Thanks for not releasing this before Linux 2.2.19 is out. It would be even better if you delayed this until the vendor updates are ready (should be very soon) like I was planning to.

> It works even on openwall patched kernels (including broken fix in 2.2.18ow4)

Yes, the fix in 2.2.18-ow4 and 2.0.39-ow2 is insufficient -- it only reduced the window without completely fixing the race. I'd like to thank Rafal Wojtczuk for discovering the problem with my original fix almost immediately after its release and reporting it to me and the affected vendors privately.

Unfortunately, Linux 2.2.19 and the vendor updates couldn't be released until now for other valid reasons(*) so I had to decide against releasing a 2.2.18-ow5, submit the correct fix for 2.2.19 and wait until it's released.

Linux 2.2.19 is out. I've released the 2.2.19-ow1 and 2.0.39-ow3 patches yesterday:

http://www.openwall.com/linux/

Please upgrade to one of these versions.

(*) To be explained here after the vendor updates are ready.

--
/sd