Bug 17704 - Linux 2.2 and 2.4 kernel flaw in ptrace security vulnerability - CAN-2003-0127
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: Highest critical
Assignee: Gentoo Security
Duplicates: 17780
Reported: 2003-03-17 13:49 UTC by Bug Hunter
Modified: 2003-03-24 05:30 UTC

Attachments
Original message from Alan Cox (ptrace.patch.txt, 24.65 KB, text/plain)
2003-03-17 14:00 UTC, Bug Hunter
Description Bug Hunter 2003-03-17 13:49:36 UTC
Vulnerability: CAN-2003-0127

The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows
local users to obtain full privileges. Remote exploitation of this hole is
not possible. Linux 2.5 is not believed to be vulnerable.

I will attach the original report with patch.

Reproducible: Always
Steps to Reproduce:
Comment 1 Bug Hunter 2003-03-17 14:00:48 UTC
Created attachment 9543
Original message from Alan Cox

There has been quite a thread following, discussing the merits of the patch...

See:
http://marc.theaimsgroup.com/?l=linux-kernel&m=104791735604202&w=2
Comment 2 Jay Pfeifer (RETIRED) gentoo-dev 2003-03-18 22:37:01 UTC
*** Bug 17780 has been marked as a duplicate of this bug. ***
Comment 3 Jay Pfeifer (RETIRED) gentoo-dev 2003-03-19 10:25:20 UTC
gentoo-sources was updated with the fix. You can find it in gentoo-sources 2.4.20-r2. This is currently marked unstable due to the nature of the changes. Read the changelog for more details. xfs-sources & gs-sources have been updated by livewire as well. Users of gentoo-sources needing XFS support should use xfs-sources for this security update.

Jay
Comment 4 Gustavo Felisberto (RETIRED) gentoo-dev 2003-03-19 13:48:39 UTC
I think that leaving out XFS is a very bad idea. Some users like myself use XFS and need some of the features in gentoo-sources (like grsec).
If the community wants Gentoo to become a mainstream distribution, we cannot send out incomplete security updates or updates that break the system.
Comment 5 Jay Pfeifer (RETIRED) gentoo-dev 2003-03-19 14:55:02 UTC
The idea to remove XFS was not mine. It was done before I took over gentoo-sources updates. With the security issue, I had to act with what was available from lolo-sources. It has stability improvements over gentoo-sources-2.4.20-r1. We have to offer the xfs-sources (and clearly state this on our install documents) as the main option for XFS support. While I cannot say that XFS won't find itself back into gentoo-sources, right now it is not there. As far as grsecurity with XFS, I'll see if we can accommodate this after talking to livewire.
Comment 6 Simonics Zsolt 2003-03-19 17:15:53 UTC
simc@catv-d5dea4d0:~$ uname -r
2.4.20-gentoo-r2
simc@catv-d5dea4d0:~$ whoami
simc
simc@catv-d5dea4d0:~$ ./ptrace-exploit 
root@catv-d5dea4d0:~# whoami
root

:(
Comment 7 Gustavo Felisberto (RETIRED) gentoo-dev 2003-03-20 08:07:31 UTC
The exploit I tried sets itself suid after a successful run. So if you try it on an unpatched kernel and then reboot and try it on a patched kernel, it will still work. You have to delete it and rebuild it to see if you are protected.
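
The caveat in comment 7 can be checked mechanically before a retest. The following is an added example, not part of the bug report or the attached patch; the function names, arguments and defaults are assumptions. It lists setuid files left behind in a directory and tells you whether a given test binary is stale and must be deleted and rebuilt.

```shell
#!/bin/sh
# Added example: detect leftover setuid binaries that would make a retest
# on a patched kernel report a false "still vulnerable" result.
# Function names and arguments are hypothetical, chosen for this example.

# list_setuid DIR [OWNER_UID]
# Print regular files under DIR that carry the setuid bit and belong to
# OWNER_UID (default 0, i.e. root). -xdev keeps the scan on one filesystem.
list_setuid() {
    dir=$1
    owner=${2:-0}
    find "$dir" -xdev -type f -user "$owner" -perm -4000 -print 2>/dev/null
}

# retest_is_clean FILE [OWNER_UID]
# Return 0 when FILE is usable for a retest: it does not exist yet, or it is
# not a setuid file owned by OWNER_UID. Return 1 when it is stale and has to
# be deleted and rebuilt first.
retest_is_clean() {
    file=$1
    owner=${2:-0}
    [ -e "$file" ] || return 0
    # -prune stops find from descending if FILE happens to be a directory.
    hit=$(find "$file" -prune -type f -user "$owner" -perm -4000 -print 2>/dev/null)
    [ -z "$hit" ]
}

# Stand-alone use: ./script.sh DIR [OWNER_UID]
if [ $# -gt 0 ]; then
    list_setuid "$@"
fi
```

Running it over user-writable directories such as home directories after patching also surfaces setuid-root files that survive the kernel update and need to be removed separately.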
Comment 8 Simonics Zsolt 2003-03-20 09:29:28 UTC
Thanks, that was the problem.
Comment 9 Patrick Kursawe (RETIRED) gentoo-dev 2003-03-21 03:37:10 UTC
Found a patch for 2.4.20-vanilla.
See http://www.hardrock.org/kernel/2.4.20/linux-2.4.20-ptrace.patch
Comment 10 Daniel Ahlberg (RETIRED) gentoo-dev 2003-03-24 05:30:40 UTC
GLSA sent.