Mailinglist Archive: opensuse-security (394 mails)

< Previous Next >
Re: [suse-security] suse 8.1 : ptrace exploit still working fine!? MAybe sligthly OT.
  • From: Dirk Schreiner <dirk.schreiner@xxxxxxx>
  • Date: Wed, 03 Dec 2003 11:16:07 +0100
  • Message-id: <3FCDB7E7.10209@xxxxxxx>
Hi,

so what do we learn about this?
Never do a automatic Update and run YOU interactive.

It would have mentioned about rebooting ;-)

Or didn`t you read the messages? SCNR

Now a Question to the List and to SuSE ;-)

What about a YOU option to spezify the Mailaddress
where YOU-Messages are mailed to in auto-Mode?

Or did i just overread this in the MAN-Pages ?!?

Greetings
Dirk



Olivier M. schrieb:

On Sun, Nov 30, 2003 at 12:48:23AM +0100, Olivier M. wrote:

Well... I thought that ptrace problem has been fixed... ? (in suse 8.2 it's fine, the exploit is not working)


Conclusion: after a reboot:

om@box:~/tmp2> ./ptrace [*] PID of Parent: 23839
[*] PID of Child: 23840
[*] Attaching to PID 23841
Killed

So the system was uptodate and correctely patched all the time,
but the "problem" was just the uptime of 103 days. Server should have been rebooted to activate the protection, which is indeed pretty
logical in case of kernel upgrade (openssh update : restart
ssh service, kernel update: restart server).
Thanks to all for the great support & advices and sorry for all that noise. At least we won't make the same mistake
again later :)

Something is still strange: the ptrace exploit appeared around March/April 2003, and the fixed (suse-)kernel for 8.1 only in August ?
Regards,
Olivier



< Previous Next >
List Navigation
Follow Ups
References