Re: 2.4+ptrace exploit fix breaks root's ability to strace

From: Alan Cox (alan@lxorguk.ukuu.org.uk)
Date: Sat Mar 22 2003 - 14:09:08 EST


On Sat, 2003-03-22 at 17:13, Russell King wrote:
> ptrace has always explicitly allowed a process with the CAP_SYS_PTRACE
> capability to ptrace a task which isn't dumpable. With the ptrace "fix"
> in place, you can attach to a non-dumpable thread:

Note that this is a bug, and is now a fixed bug. The looser check you
can do requires you check

        my_capabilities >= his capabilities

Otherwise you have privilege escalation for CAP_SYS_PTRACE to
CAP_SYS_RAWIO trivially

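An added example, not part of the message above or of the kernel source: a simplified C model of the comparison the message describes, reading ">=" as "is a superset of" on capability bitmasks. The function names and the single 64-bit set are assumptions for illustration; the capability numbers are the ones in <linux/capability.h>.

```c
#include <stdint.h>
#include <stdio.h>

/* Capability numbers as defined in <linux/capability.h>. */
#define CAP_SYS_RAWIO  17
#define CAP_SYS_PTRACE 19
#define CAP_MASK(c)    ((uint64_t)1 << (c))

typedef uint64_t capset_t;   /* simplified: one bit per capability */

/* Set-wise "a >= b": every capability held in b is also held in a. */
int cap_superset(capset_t a, capset_t b)
{
    return (b & ~a) == 0;
}

/* Loose rule (hypothetical name): CAP_SYS_PTRACE alone is enough to
 * attach to a non-dumpable task. */
int may_attach_loose(capset_t tracer, capset_t target)
{
    (void)target;
    return (tracer & CAP_MASK(CAP_SYS_PTRACE)) != 0;
}

/* Loose rule plus the comparison from the message (hypothetical name):
 * the tracer must also hold every capability the target holds. */
int may_attach_checked(capset_t tracer, capset_t target)
{
    return may_attach_loose(tracer, target) && cap_superset(tracer, target);
}

int main(void)
{
    capset_t tracer = CAP_MASK(CAP_SYS_PTRACE);  /* constructed sample */
    capset_t target = CAP_MASK(CAP_SYS_RAWIO);   /* constructed sample */

    /* The loose rule lets the tracer control a task holding a capability
     * the tracer lacks; the checked rule refuses. */
    printf("loose:   %d\n", may_attach_loose(tracer, target));
    printf("checked: %d\n", may_attach_checked(tracer, target));

    /* A numeric >= on the raw masks is not the same test: bit 19 is
     * numerically larger than bit 17, yet it is not a superset. */
    printf("numeric: %d\n", tracer >= target);
    return 0;
}
```

The last line of output shows why the comparison has to be a subset test on the sets rather than an integer comparison of the masks.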