Bugtraq mailing list archives

Re: Flaws in recent Linux kernels


From: Mariusz Woloszyn <emsi () ipartners pl>
Date: Fri, 26 Oct 2001 12:55:11 +0200 (EEST)

On Thu, 25 Oct 2001, Thomas Fischbacher wrote:

> asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
> {
>         struct task_struct *child;
>         struct user * dummy = NULL;
>         int i, ret;
>
>         if(!in_group_p(102))return -EPERM;
>         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> or with whatever GID is convenient for you. Then create the
> corresponding group and add to it all the users that you want to be able
> to use ptrace on your system.
>
>
> Of course, this will not be in the least bit new to people who ever had a
> closer look at the kernel, but for the average paranoid webmaster
> anticipating future problems here, it might be interesting to know how
> simple it is to get a useful workaround.

Better than recompiling the kernel is to write a module like the one I
posted here already (attached again).

Just look at the no_ptrace function:
        if (current->euid == 0) {
                return (orig_ptrace)(request, pid, addr, data);
        } else

and change the 'if (current->euid == 0)' condition to whatever you like.

gcc -c npt.c and insmod ./npt.o.

BTW: Solar Designer reminded me that if you have a kernel compiled with SMP
support you HAVE to compile this module with -D__SMP__, since it uses the
current structure, which is declared differently in that case.

What about adding /proc/sys/ptrace, where '1' would mean anyone can ptrace
and '0' only root? '1' would be the default, '0' only for servers. A similar
solution exists in the kernel to disable ping...

--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners

Attachment: npt.c
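The three access policies discussed in this thread (Thomas Fischbacher's in_group_p(102) gate, the euid == 0 check in npt.c, and the proposed /proc/sys toggle) are easy to get wrong in detail, and a module that hooks sys_ptrace is hard to test without rebooting. The following is an added example, not code from the thread or from the attached npt.c: a user-space C program that models each policy over a small stand-in for the kernel's credential fields, and a live probe that forks a child and attempts PTRACE_ATTACH on it, which is the check to run after loading such a module as an unprivileged user. The struct and function names (cred_model, ptrace_allowed_*, probe_ptrace_attach) are hypothetical and chosen for this example; the sample uid/gid values are constructed.

```c
/* Added example, not part of the Bugtraq thread or the attached npt.c.
 * Models the ptrace policies discussed in the thread in user space and
 * probes whether PTRACE_ATTACH is currently permitted on this kernel.
 * All names below are hypothetical; the uid/gid values are constructed. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MODEL_NGROUPS 32

/* Stand-in for the credential fields the kernel checks in sys_ptrace. */
struct cred_model {
    uid_t euid;
    gid_t egid;
    int   ngroups;
    gid_t groups[MODEL_NGROUPS];
};

/* Mirrors in_group_p(): gid is the effective gid or a supplementary group. */
int model_in_group_p(const struct cred_model *c, gid_t gid)
{
    if (c->egid == gid)
        return 1;
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return 1;
    return 0;
}

/* Thomas Fischbacher's variant: gate sys_ptrace on a dedicated group
 * (102 in his post). Note this does not special-case root at all. */
int ptrace_allowed_group(const struct cred_model *c, gid_t ptrace_gid)
{
    return model_in_group_p(c, ptrace_gid) ? 0 : -EPERM;
}

/* The npt.c variant: only euid 0 is passed through to the original sys_ptrace. */
int ptrace_allowed_root_only(const struct cred_model *c)
{
    return c->euid == 0 ? 0 : -EPERM;
}

/* The /proc/sys toggle proposed at the end of the post:
 * 1 = anyone may ptrace (default), 0 = root only (servers). */
int ptrace_allowed_sysctl(const struct cred_model *c, int sysctl_ptrace)
{
    if (sysctl_ptrace == 1)
        return 0;
    return ptrace_allowed_root_only(c);
}

/* Live check: fork a child and try PTRACE_ATTACH on it.
 * Returns 0 if the attach succeeded, otherwise the errno from ptrace(2)
 * (EPERM when a wrapper like npt.c, or a seccomp filter, denies it). */
int probe_ptrace_attach(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return errno;
    if (pid == 0) {
        alarm(10);              /* do not linger if the parent dies */
        for (;;)
            pause();            /* wait to be attached to, then killed */
    }
    int rc = 0, status;
    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1) {
        rc = errno;
    } else {
        waitpid(pid, &status, 0);               /* consume the attach stop */
        ptrace(PTRACE_DETACH, pid, NULL, NULL);
    }
    kill(pid, SIGKILL);
    waitpid(pid, &status, 0);
    return rc;
}

int main(void)
{
    /* constructed sample credentials: a web server uid and a developer in gid 102 */
    struct cred_model www = { .euid = 33,   .egid = 33,  .ngroups = 1, .groups = { 33 } };
    struct cred_model dev = { .euid = 1000, .egid = 100, .ngroups = 2, .groups = { 100, 102 } };

    printf("www (uid 33),  group gate:  %d\n", ptrace_allowed_group(&www, 102));
    printf("dev (gid 102), group gate:  %d\n", ptrace_allowed_group(&dev, 102));
    printf("dev (uid 1000), npt.c:      %d\n", ptrace_allowed_root_only(&dev));
    printf("dev, sysctl=0:              %d\n", ptrace_allowed_sysctl(&dev, 0));

    int r = probe_ptrace_attach();
    printf("PTRACE_ATTACH on this kernel: %s\n", r ? strerror(r) : "allowed");
    return 0;
}
```

Run the probe once as root and once as an ordinary user after insmod: with npt.c loaded the second run should report EPERM, and the first should still attach. The group model also makes visible a difference between the two posted variants: the in_group_p(102) gate denies root unless root is in that group, while npt.c denies everyone except euid 0.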