Re: Flaws in recent Linux kernels

On Thu, 25 Oct 2001, Thomas Fischbacher wrote:

> asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
> {
>         struct task_struct *child;
>         struct user * dummy = NULL;
>         int i, ret;
> 
>         if(!in_group_p(102))return -EPERM;
>         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> or with whatever GID that is convenient for you. Then, create the
> corresponding group and add to it all the users that you want to be able
> to use ptrace on your system.
> 
> 
> Of course, this will not be in the least bit new to people who ever had a
> closer look at the kernel, but for the average paranoid webmaster
> anticipating future problems here, it might be interesting to know how
> simple it is to get a useful workaround.
> 
Better than recompiling the kernel is to write a module like the one I posted
here already (attached again).

Just look at the no_ptrace function:
        if (current->euid == 0) {
                return (orig_ptrace)(request, pid, addr, data);
        } else

And change the 'if (current->euid == 0)' condition to whatever you like.

Build it with gcc -c npt.c and load it with insmod ./npt.o.

BTW: Solar Designer reminded me that if you have a kernel compiled with SMP
support you HAVE to compile this module with -D__SMP__, as long as you use
the current structure, which is declared differently in that case.

What about adding /proc/sys/ptrace, where '1' would mean anyone can ptrace
and '0' only root? '1' would be the default, '0' only for servers. A similar
solution exists in the kernel to disable ping...

--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners

/* no ptrace module
   fast prevention for kernel bug
   (c) 2001 a Lam3rZ oddysey

   Hooks the ptrace() entry in sys_call_table: root (euid 0) is passed
   through to the kernel's own sys_ptrace(), everyone else gets -EPERM.

   Build:  gcc -O2 -Wall -c npt.c
           (add -D__SMP__ when the running kernel is SMP: the headers
           describe 'current' and struct task_struct differently then,
           and the module must match the kernel it is loaded into)
   Load:   insmod ./npt.o
   Unload: rmmod npt
*/

#define MODULE
#define __KERNEL__

#include <linux/config.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/sched.h>	/* current, struct task_struct */
#include <linux/errno.h>	/* EPERM */
#include <asm/unistd.h>		/* __NR_ptrace; the glibc <sys/syscall.h> and
				   <bits/syscall.h> are user-space headers and
				   are not needed in a module */

#ifdef MODULE_LICENSE
MODULE_LICENSE("GPL");		/* 2.4.10 and later warn about unlicensed modules */
#endif

/* Exported by 2.2 and 2.4 kernels; later kernels no longer export it. */
extern void *sys_call_table[];

/* The kernel's real sys_ptrace(), saved so it can be called and restored.
   Same signature as the kernel's:
   asmlinkage int sys_ptrace(long request, long pid, long addr, long data) */
static int (*orig_ptrace)(long request, long pid, long addr, long data);

/* Replacement installed in sys_call_table[__NR_ptrace].  Change the
   condition to whatever policy you want, e.g. in_group_p(102) to allow
   the members of one group instead of only root. */
static asmlinkage int no_ptrace(long request, long pid, long addr, long data)
{
	if (current->euid == 0)
		return orig_ptrace(request, pid, addr, data);
	return -EPERM;	/* EPERM is 1, so the caller sees -1 / "Operation not permitted" */
}

int init_module(void)
{
	orig_ptrace = sys_call_table[__NR_ptrace];
	sys_call_table[__NR_ptrace] = (void *)no_ptrace;
	return 0;
}

void cleanup_module(void)
{
	/* Restore the original entry so ptrace works normally after rmmod. */
	sys_call_table[__NR_ptrace] = (void *)orig_ptrace;
}
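
After loading npt.o, the check a practitioner wants is a user-space program
that tries ptrace as an ordinary user and as root and reports what the kernel
answered. The program below is an added example for this page, not part of
the original posting or of npt.c; the function names probe_traceme,
probe_attach and is_policy_outcome are its own. It exercises PTRACE_TRACEME
(what a debugger's child does) and PTRACE_ATTACH (what gdb -p, or an attacker
going after a running process, does) and prints the errno for each. With the
module loaded a non-root user should see EPERM on both (the -1 the wrapper
returns is -EPERM, so that is what user space reads back), root should see
"allowed" on both, and without the module everyone sees "allowed". The same
run also shows the module's cost: because the wrapper refuses every request,
not only PTRACE_ATTACH, unprivileged users lose strace and gdb on their own
programs while it is loaded.

```c
/* ptrace_probe.c: does this kernel let the calling user ptrace?
   Added example, not part of the original posting or of npt.c.
   The names probe_traceme, probe_attach and is_policy_outcome are
   this example's own. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child that asks to be traced (what a debugger's child does).
   Returns 0 if the kernel allowed PTRACE_TRACEME, else the errno it gave. */
int probe_traceme(void)
{
	int status = 0;
	pid_t pid = fork();

	if (pid < 0)
		return errno;
	if (pid == 0) {
		if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
			_exit(errno);	/* errno values fit in an exit code */
		_exit(0);
	}
	if (waitpid(pid, &status, 0) < 0)
		return errno;
	return WIFEXITED(status) ? WEXITSTATUS(status) : EIO;
}

/* Fork an idle child and try to attach to it from the parent (what
   "gdb -p" or an attacker attaching to a running process does).
   Returns 0 if PTRACE_ATTACH succeeded, else the errno it gave. */
int probe_attach(void)
{
	int rc = 0, status = 0;
	pid_t pid = fork();

	if (pid < 0)
		return errno;
	if (pid == 0) {
		for (;;)
			pause();	/* stay alive until the parent kills us */
	}
	if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1)
		rc = errno;
	else if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status))
		rc = EIO;	/* attach returned success but no stop followed */
	kill(pid, SIGKILL);		/* SIGKILL ends a stopped tracee as well */
	waitpid(pid, &status, 0);	/* reap it */
	return rc;
}

/* A probe result is explained by policy if ptrace was allowed (0) or
   refused with EPERM, which is what a non-root caller gets back from
   the -1 / -EPERM in the module's wrapper.  Anything else is an
   unexpected failure worth investigating. */
int is_policy_outcome(int rc)
{
	return rc == 0 || rc == EPERM;
}

int main(void)
{
	int t = probe_traceme();
	int a = probe_attach();

	printf("euid %u: PTRACE_TRACEME -> %s\n", (unsigned)geteuid(),
	       t ? strerror(t) : "allowed");
	printf("euid %u: PTRACE_ATTACH  -> %s\n", (unsigned)geteuid(),
	       a ? strerror(a) : "allowed");
	/* Expected with npt.o loaded: non-root sees "Operation not permitted"
	   on both lines, root sees "allowed" on both.  Without the module
	   everyone sees "allowed". */
	return is_policy_outcome(t) && is_policy_outcome(a) ? 0 : 1;
}
```

Run it once as an ordinary user and once as root, before and after insmod;
any result other than "allowed" or "Operation not permitted" means something
other than the module (or the kernel's normal ptrace permission check) is
intervening.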
