Bugtraq mailing list archives

Re: Linux kernel ELF core dump privilege elevation (kernel module workaround)

From: chris <fool () dfw net>
Date: Thu, 12 May 2005 17:31:58 -0500

On Thu, May 12, 2005 at 12:29:02AM +0000, Andrew Griffiths wrote:

It loops over all processes and sets the soft limit and hard limit for
processes to 0. The limits.conf measure isn't entirely enough if people
have screen sessions, or you have various daemons running etc.

 
We've used "echo / > /proc/sys/kernel/core_pattern" to disable coredumps
by all processes (using kernel 2.4.29).  This seems to affect all
running processes without doing anything drastic or dangerous (except
disabling coredumps =)).  To disable all for all but root processes you
can use something like " /core " instead of " / " in the above example,
but then you may still be vulnerable as Andrew points out to pre-existing
screen or Xwin sessions running as root--not sure about that but better
safe than sorry.

I haven't read the code to see if this is an unintentional effect, but
it sure seems to work under 2.4.29 at least.  I got the idea from this
page:

        http://www.aplawrence.com/Forum/TonyLawrence9.html

Current thread:

Linux kernel ELF core dump privilege elevation Paul Starzetz (May 11)
- Re: Linux kernel ELF core dump privilege elevation Bruno Lustosa (May 11)
  - Re: Linux kernel ELF core dump privilege elevation codeQ (May 13)
- Re: Linux kernel ELF core dump privilege elevation Greg KH (May 11)
  - Re: Linux kernel ELF core dump privilege elevation Greg KH (May 11)
  - Re: Linux kernel ELF core dump privilege elevation Paul Starzetz (May 11)
- Re: Linux kernel ELF core dump privilege elevation (kernel module workaround) Andrew Griffiths (May 12)
  - Re: Linux kernel ELF core dump privilege elevation (kernel module workaround) chris (May 13)
- Re: Linux kernel ELF core dump privilege elevation antoine (May 12)
  - Re: Linux kernel ELF core dump privilege elevation Pedro Venda (May 13)