Full Disclosure mailing list archives
ptrace exploit workaround
From: Juraj Bednar <juraj () bednar sk>
Date: Tue, 18 Mar 2003 23:57:25 +0100
Hi, while waiting for kernel compilations from Debian (and while waiting for my kernel compilations to finish), I coded a single module, which acts as a workaround for one particular exploit I found in one user's homedirectory. Disclaimer: 1.) I don't guarantee, that it will protect you from other exploits (it won't). 2.) I guarantee, it won't break anything (actually it will break some occassional ptrace situations, but for simple gdb and stuff, this is ok). 3.) I don't guarantee it will work. It may freeze your machine. YMMV. 4.) I'm not a linux kernel module coder. If you'll come with something better, drop me a note. 5.) Against this exploit, simple chmod 700 /proc would suffice (since it wants to open /proc/self/exe). This is somehow cleaner. 6.) It should unload correctly, if it won't freeze your system (see point 3:). Anyways, as a simple workaround, it works for me, so I thought I'll post it, it may help you overcome this ugly time. Compilation instruction in source comment. J. -- Juraj Bednar http://www.jurajbednar.com/ http://juraj.bednar.sk/
Attachment:
ptrace_workaround.c
Description:
Current thread:
- ptrace exploit workaround Juraj Bednar (Mar 18)
- Re: ptrace exploit workaround Juraj Bednar (Mar 18)
- Re: ptrace exploit workaround Jose Carlos Luna Duran (Mar 18)