Re: [suse-security] suse 8.1 : ptrace exploit still working fine!?
  • From: Andreas <andreas@xxxxxxxxxxxxxxxx>
  • Date: Mon, 1 Dec 2003 11:36:34 -0200
  • Message-id: <20031201133633.GY18379@xxxxxxxxxxxxxxxx>
On Sun, Nov 30, 2003 at 12:48:23AM +0100, Olivier M. wrote:
> sh-2.05b# id
> uid=0(root2) gid=0(root) groups=500(nofiles)
> sh-2.05b#
> Well... I thought that ptrace problem has been fixed... ?
> (in suse 8.2 it's fine, the exploit is not working)

At least one of the exploits currently in the wild makes the exploit
binary suid root after working for the first time. So, if you boot
an old kernel, run the exploit (it works), then boot the fixed kernel
and run the exploit again, you will get root again, but because of
the SUID root bit. You might want to check if this is not the case.
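
The check suggested in the reply above, as an added example that is not part of the original thread: a shell audit that tests one file for the setuid bit and lists setuid-root files under a directory, marking those that no RPM package owns. The function names and the directories in the usage comment are assumptions; `stat -c` requires GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original thread): audit for leftover binaries
# that are setuid and owned by root, as described in the reply above.

# setuid_owner FILE: print the owner's uid if FILE is a regular file with the
# setuid bit set; otherwise print nothing and return 1.
setuid_owner() {
    [ -f "$1" ] && [ -u "$1" ] || return 1
    stat -c '%u' "$1"
}

# list_setuid DIR: one line per setuid regular file under DIR, formatted as
# "<owner uid> <octal mode> <path>". -xdev keeps find on one filesystem.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 -exec stat -c '%u %a %n' {} + 2>/dev/null
}

# audit_setuid_root DIR: report only the setuid files owned by uid 0 and say
# whether an installed RPM package owns each one. Legitimate setuid programs
# normally belong to a package; a binary dropped in a home directory does not.
audit_setuid_root() {
    list_setuid "$1" | while read -r uid mode path; do
        [ "$uid" = "0" ] || continue
        if ! command -v rpm >/dev/null 2>&1; then
            status="unchecked"      # no rpm on this system
        elif rpm -qf "$path" >/dev/null 2>&1; then
            status="packaged"
        else
            status="UNPACKAGED"
        fi
        echo "$status $mode $path"
    done
}

# Usage (directories are assumptions; choose the ones users can write to):
#   setuid_owner ./suspect-binary && echo "setuid bit is set"
#   audit_setuid_root /home
#   audit_setuid_root /tmp
```

An `UNPACKAGED` setuid-root file in a user-writable location would explain a root shell on a patched kernel; removing the file, or clearing the bit with `chmod u-s`, and re-testing separates the two cases.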

