Re: Recent ptrace exploit effected by chroot?

From: Jem Berkes (jb_at_users.pc9.org)
Date: 04/28/03


Date: Mon, 28 Apr 2003 14:31:53 GMT


> Threads seems to be broken there, but on google groups I was
> able to follow the thread:
> http://www.google.com/groups?selm=20030322224006%246de1%40gated-at.bofh
> .it

Ouch, that's a big thread (100 msgs)!

>> But he doesn't elaborate so maybe there's nothing to his claim.
>
> He was specifically asked for examples, but never answered.

Sounds good, maybe the kernel is overall hardier than I thought :) But
still, if patching the kernel is not something the OP can do easily, it's
probably more effective to focus his efforts on keeping services up to
date and properly configured. Once an intruder has any access to your
system, there's lots of trouble they could cause (exploit trust
relationship, local denial or service, find vulnerable suid binaries)...

-- 
Jem Berkes
http://www.pc-tools.net/
Windows, Linux & UNIX software


Relevant Pages

  • Re: Compiling the kernel
    ... > Poking around with google groups, I discovered a setting under "Block ... > title Red Hat Linux ... I can't boot the first kernel. ...
    (comp.os.linux.hardware)
  • Re: replacing X Window System !
    ... X can write into kernel memory - ouch. ... X can mess with PCI bus - ouch. ... All "dangerous code" should be in kernel. ... text data bss dec hex filename ...
    (Linux-Kernel)
  • Re: replacing X Window System !
    ... X runs as root - ouch. ... X can write into kernel memory - ouch. ... X can mess with PCI bus - ouch. ... without the windowing system in it - yuck. ...
    (Linux-Kernel)
  • Re: replacing X Window System !
    ... X runs as root - ouch. ... X can write into kernel memory - ouch. ... Xorg of XFree86 and even the OS counts they runs on. ...
    (Linux-Kernel)
  • /proc/partitions does not match /dev
    ... I installed Woody ... Today I built my own kernel 2.4.21 and when I run lilo, ... 'append="devfs=mount" in lilo.conf (as a global option and as an image ... I looked for this on google and google groups, ...
    (Debian-User)