1 Dec
2003
1 Dec
'03
13:36
On Sun, Nov 30, 2003 at 12:48:23AM +0100, Olivier M. wrote:
sh-2.05b# id uid=0(root2) gid=0(root) groups=500(nofiles) sh-2.05b# Well... I thought that ptrace problem has been fixed... ? (in suse 8.2 it's fine, the exploit is not working)
At least one of the exploits currently in the wild make the exploit binary suid root after working for the first time. So, if you boot an old kernel, run the exploit (it works), then boot the fixed kernel and run the exploit again, you will get root again, but because of the SUID root bit. You might want to check if this is not the case.