Vulnerability: CAN-2003-0127. The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows local users to obtain full privileges. Remote exploitation of this hole is not possible. Linux 2.5 is not believed to be vulnerable. I will attach the original report with the patch.
Reproducible: Always
Steps to Reproduce:
Created attachment 9543: Original message from Alan Cox. There has been quite a thread discussing the merits of the patch; see: http://marc.theaimsgroup.com/?l=linux-kernel&m=104791735604202&w=2
*** Bug 17780 has been marked as a duplicate of this bug. ***
gentoo-sources was updated with the fix. You can find it in gentoo-sources 2.4.20-r2. This is currently marked unstable due to the nature of the changes. Read the changelog for more details. xfs-sources & gs-sources have been updated by livewire as well. Users of gentoo-sources needing XFS support should use xfs-sources for this security update. Jay
I think that leaving out XFS is a very bad idea. Some users like myself use XFS and need some of the features in gentoo-sources (like grsec). If the community wants Gentoo to become a mainstream distribution, we cannot send out incomplete security updates or updates that break the system.
The idea to remove XFS was not mine. It was done before I took over gentoo-sources updates. With the security issue, I had to act with what was available from lolo-sources. It has stability improvements over gentoo-sources-2.4.20-r1. We have to offer xfs-sources (and clearly state this in our install documents) as the main option for XFS support. While I cannot say that XFS won't find itself back into gentoo-sources, right now it is not there. As far as grsecurity with XFS goes, I'll see if we can accommodate this after talking to livewire.
simc@catv-d5dea4d0:~$ uname -r
2.4.20-gentoo-r2
simc@catv-d5dea4d0:~$ whoami
simc
simc@catv-d5dea4d0:~$ ./ptrace-exploit
root@catv-d5dea4d0:~# whoami
root
:(
The exploit I tried sets itself suid after a successful run. So if you try it on an unpatched kernel and then reboot and try it on a patched kernel, it will still work. You have to delete it and rebuild it to see if you are protected.
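A defender-side check added here (not part of the original thread or of any Gentoo tooling) that makes the point above concrete: it reports setuid files under a directory that are not on a known-good baseline, so a binary that set its own setuid bit during an earlier run shows up before you judge whether a rebuilt kernel is actually patched. The directory, the baseline file and the sample paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the original bug thread: find setuid files that are
# not on a known-good list. A test binary that set its own setuid bit during
# an earlier run will appear here and must be deleted and rebuilt before the
# result of a retest on a patched kernel means anything.

# has_setuid FILE
#   Succeeds (exit 0) when FILE carries the setuid bit, fails otherwise.
has_setuid() {
    # -prune stops find descending if FILE is a directory; -perm -4000 tests
    # for the setuid bit regardless of the other mode bits.
    [ -n "$(find "$1" -prune -type f -perm -4000 2>/dev/null)" ]
}

# find_unexpected_setuid DIR BASELINE
#   DIR:      directory tree to scan
#   BASELINE: file listing one expected setuid path per line (a missing
#             file means "nothing is expected")
#   Prints every setuid file under DIR that is not in BASELINE, one per
#   line, and returns 1 if any were found, 0 otherwise.
find_unexpected_setuid() {
    dir=$1
    baseline=$2
    [ -f "$baseline" ] || baseline=/dev/null
    # -x -F: whole-line, fixed-string match so a partial path match cannot
    # hide a file; -v inverts so only paths outside the baseline remain.
    unexpected=$(find "$dir" -type f -perm -4000 2>/dev/null | sort |
                 grep -vxF -f "$baseline" || true)
    if [ -n "$unexpected" ]; then
        printf '%s\n' "$unexpected"
        return 1
    fi
    return 0
}

# Stand-alone use (paths are placeholders, not from the bug report):
#   find_unexpected_setuid /home /etc/setuid-baseline.txt
```

The baseline should be generated on a clean system and kept outside the scanned tree; anything the scan prints is either a new legitimate setuid program or something that should not be there.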
Thanks, that was the problem.
Found a patch for 2.4.20-vanilla. See http://www.hardrock.org/kernel/2.4.20/linux-2.4.20-ptrace.patch
GLSA sent.