Flaws in recent Linux kernels

Heimdall heimdall at e-phoria.net
Fri Oct 19 15:42:37 PDT 2001


>> This ptrace exploit works very well on kernels equal to or under 2.2.18.
>> Look inside the source code: it uses the passwd program by default.
>> You can change it to another program with the +s flag, like ping (tested)
>> (#define VICTIM "/usr/bin/passwd" )
>
>sorry, this is a new exploit, published yesterday (or so) on bugtraq. and
>yes, it's tested with ping and other setuid-progs - didn't work with
>2.2.19+ow+stealth, 2.4.6, 2.4.10, 2.4.12+preempt on my systems.
>

Oops, sorry, I wasn't aware of it :)
It didn't work on my 2.4.10 either. The second one, mklink.sh, works besides.
I had to play with ulimit to make it fail ...

ulimit -t 1
ulimit -u 5
ulimit -v 5000
ulimit -s 1000
ulimit -n 15
ulimit -f 1000
ulimit -d 1000
ulimit -l 1000
ulimit -m 500 


Heimdall

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message