Re: Kernels 2.2 and 2.4 exploit (ALL VERSION WHAT I HAVE TESTED UNTILL NOW!)

From: Anders Gustafsson (andersg@0x63.nu)
Date: Wed Mar 19 2003 - 10:28:36 EST


On Wed, Mar 19, 2003 at 04:13:05PM +0000, Alan Cox wrote:
> On Wed, 2003-03-19 at 14:55, Anders Gustafsson wrote:
> > If access can't be shut down while compiling the new kernel
> >
> > echo /foo/bar/doesnotexist >/proc/sys/kernel/modprobe
> >
> > would help, wouldn't it?
>
> Against the default exploit circulating yes, in the general
> case we don't believe so.

Ah, there might be other stuff than modprobe that execs out of a
kernelthread. But to exploit the kernelthread must execve so there is a
userspaceprocess to ptrace, right?

-- 
Anders Gustafsson - andersg@0x63.nu - http://0x63.nu/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Mar 23 2003 - 22:00:27 EST