Security Hole in KERNELs 2.2.x to 2.4.x

[aru]

This looks serious; check alan cox's mail Ptrace hole / Linux 2.2.25

 

Affects kernels 2.2.x to 2.4.x

 

Vulnerability: CAN-2003-0127

 

The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows

local users to obtain full privileges. Remote exploitation of this hole is

not possible. Linux 2.5 is not believed to be vulnerable.

 

Linux 2.2.25 has been released to correct Linux 2.2. It contains no other

changes. The bug fixes that would have been in 2.2.5pre1 will now appear in

2.2.26pre1. The patch will apply directly to most older 2.2 releases.

 

A patch for Linux 2.4.20/Linux 2.4.21pre is attached. The patch also

subtly changes the PR_SET_DUMPABLE prctl. We believe this is neccessary and

that it will not affect any software. The functionality change is specific

to unusual debugging situations.

 

We would like to thank Andrzej Szombierski who found the problem, and

wrote an initial patch. Seth Arnold cleaned up the 2.2 change. Arjan van

de Ven and Ben LaHaise identified additional problems with the original

fix.

 

Alan

 

The mentioned patch is in the original post.

 

I'm sure mandrake will soon release its own patched kernels.

[bvc]

I wonder if this is what happened to me twice when after opening a terminal, and running mcc, I'd have to enter the root password which is great but 10 minutes later as bvc I'd do the same thing and would not be asked for a password :roll: so I'd be in mcc making changes as bvc. Thanks for the post! :wink:

[Guest ndeb]

I wonder if this is what happened to me twice when after opening a terminal, and running mcc, I'd have to enter the root password which is great but 10 minutes later as bvc I'd do the same thing and would not be asked for a password  so I'd be in mcc making changes as bvc.

This has Nothing to do with the kernel. Its intended and is a feature of sudo.

[Guest ndeb]

Perhaps, from now on, we all should use the secure version kernel-secure, which seems to be taking care of the issues fixed in http://grsecurity.net/news.php , unless there is a serious disadvantage to using the kernel-secure. Is there any reason why kernel-secure should not be used in preference to kernel ?

[bvc]

This has Nothing to do with the kernel. Its intended and is a feature of sudo.

I don't see that in this thread or link?....were did you get this info?

 

All I've ever heard about kernel-secure is that it's much more difficult do to almost anything. You spend more time screwing with permissions than anything else.