Re: ext2 attribute immutable

H. Peter Anvin (hpa@freya.yggdrasil.com)
5 Apr 1996 09:28:15 GMT


Followup to: <24376.199604030736@stone.dcs.warwick.ac.uk>
By author: Zefram <A.Main@dcs.warwick.ac.uk>
In newsgroup: linux.dev.kernel
>
> >> So, how does one need to modify /proc/1/mem to decrease the secure-level
> >> after getting root access? :)
> >
> >You don't need to. You can just do a ptrace() on init, or create your
> >OWN init process --- by using a careful, controlled fork bomb we can
> >easily create new processes until we are about to wrap pid, then kill
> >init and wait until one of our forks has a pid of 1.
>
> The fork attack shouldn't be possible. On SunOS, for example, when the
> PIDs wrap, they wrap to 101, not 1. Doesn't Linux do something like
> this? If it wraps to 1, this has to change -- conceptually, low PIDs
> are a privileged resource, so access to them must be restricted.
>

Baloney. If init exits, the kernel will automatically spawn a new one
(Linux); most other OSes will treat init exiting as evidence of a
fatal crash and panic/reboot. Not only can't you kill init, but you
can't replace it by any less than changing the binary.

-hpa

-- 
PGP public key available - finger hpa@zytor.com
"The earth is but one country, and mankind its citizens." -- Bahá'u'lláh
I don't work for Yggdrasil, but they sponsor the linux.* hierarchy.