Bugtraq mailing list archives
Re: Linux kernel ELF core dump privilege elevation (kernel module workaround)
From: chris <fool () dfw net>
Date: Thu, 12 May 2005 17:31:58 -0500
On Thu, May 12, 2005 at 12:29:02AM +0000, Andrew Griffiths wrote:
> It loops over all processes and sets the soft limit and hard limit for processes to 0. The limits.conf measure isn't entirely enough if people have screen sessions, or you have various daemons running etc.
We've used "echo / > /proc/sys/kernel/core_pattern" to disable coredumps by all processes (using kernel 2.4.29). This seems to affect all running processes without doing anything drastic or dangerous (except disabling coredumps =)).

To disable all for all but root processes you can use something like " /core " instead of " / " in the above example, but then you may still be vulnerable as Andrew points out to pre-existing screen or Xwin sessions running as root--not sure about that but better safe than sorry.

I haven't read the code to see if this is an unintentional effect, but it sure seems to work under 2.4.29 at least. I got the idea from this page: http://www.aplawrence.com/Forum/TonyLawrence9.html
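Added example, not part of the message above or of anyone's code in the thread: the gap Andrew describes (limits.conf does not reach already-running screen sessions and daemons) can be checked by auditing each process's core file limits. It assumes a kernel that exposes /proc/<pid>/limits (2.6.24 or later, so newer than the 2.4.29 mentioned above); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list processes that are still able to dump core.
# Assumption: the kernel exposes /proc/<pid>/limits (2.6.24 or later).

# core_limits FILE: print "soft hard" from the "Max core file size" row.
core_limits() {
    awk '/^Max core file size/ { print $5, $6 }' "$1" 2>/dev/null
}

# can_dump FILE: succeed if either limit is non-zero. A non-zero hard
# limit counts because the process can raise its own soft limit up to it.
can_dump() {
    set -- $(core_limits "$1")
    [ "${1:-0}" != 0 ] || [ "${2:-0}" != 0 ]
}

# audit [PROC_ROOT]: print "pid soft hard" for every process that can dump.
audit() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/limits; do
        [ -r "$f" ] || continue          # process exited or access denied
        can_dump "$f" || continue
        pid=${f%/limits}
        echo "${pid##*/} $(core_limits "$f")"
    done
}

# make_sample DIR: constructed /proc-like tree with three fake processes.
make_sample() {
    d=$1
    for spec in "101 0 0" "202 0 unlimited" "303 unlimited unlimited"; do
        set -- $spec
        mkdir -p "$d/$1"
        printf '%-26s%-21s%-21s%s\n' \
            'Limit' 'Soft Limit' 'Hard Limit' 'Units' \
            'Max core file size' "$2" "$3" 'bytes' > "$d/$1/limits"
    done
}

sample=$(mktemp -d)
make_sample "$sample"
audit "$sample"        # on a live system, run: audit /proc
rm -rf "$sample"
```

Run as root so every process's limits file is readable; any PID it prints started before the limit change or is exempt from it.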