Forum OpenACS Q&A: Re: Beware the latest kernel upgrade

Posted by Mike Sisk on
Maybe its RH kernel specific perhaps?
it doesn't look like it; a patch has been introduced to fix the problem:
Alan Cox wrote:
> Vulnerability: CAN-2003-0127
> The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows
> local users to obtain full privileges. Remote exploitation of this hole is
> not possible. Linux 2.5 is not believed to be vulnerable.

The patch breaks /proc/[pid]/cmdline and /proc/[pid]/environ for 'non dumpable' processes, even for root.

We need to access theses proc files for processes monitoring.

Included is a patch to restore this functionnality for root.

Any comments ?
(See attached file: cmdline_environ_fix.diff)
Mathieu Lafon - Arkoon Network Security