Mailinglist Archive: opensuse-security (394 mails)

< Previous Next >
Re: [suse-security] suse 8.1 : ptrace exploit still working fine!?
  • From: "Olivier M." <qmail@xxxxxxxxxxxxx>
  • Date: Tue, 2 Dec 2003 15:42:38 +0100
  • Message-id: <20031202154238.B12245@xxxxxxxxxxxxx>
On Sun, Nov 30, 2003 at 12:48:23AM +0100, Olivier M. wrote:
> Well... I thought that ptrace problem has been fixed... ?
> (in suse 8.2 it's fine, the exploit is not working)

Conclusion: after a reboot:

om@box:~/tmp2> ./ptrace
[*] PID of Parent: 23839
[*] PID of Child: 23840
[*] Attaching to PID 23841
Killed

So the system was uptodate and correctely patched all the time,
but the "problem" was just the uptime of 103 days. Server should
have been rebooted to activate the protection, which is indeed pretty
logical in case of kernel upgrade (openssh update : restart
ssh service, kernel update: restart server).

Thanks to all for the great support & advices and sorry
for all that noise. At least we won't make the same mistake
again later :)

Something is still strange: the ptrace exploit appeared
around March/April 2003, and the fixed (suse-)kernel for 8.1
only in August ?

Regards,
Olivier

< Previous Next >
List Navigation
Follow Ups