Network Security: Detailed info on Re: Linux kernel ELF core dump privilege elevation (kernel module workar

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security VulnWatch

[Top] [All Lists]

Re: Linux kernel ELF core dump privilege elevation (kernel module workar

from [chris] Network Security

[Permanent Link]

Subject:	Re: Linux kernel ELF core dump privilege elevation (kernel module workaround)
Date:	Thu, 12 May 2005 17:31:58 -0500

On Thu, May 12, 2005 at 12:29:02AM +0000, Andrew Griffiths wrote:

It loops over all processes and sets the soft limit and hard limit for
processes to 0. The limits.conf measure isn't entirely enough if people
have screen sessions, or you have various daemons running etc.

 
We've used "echo / > /proc/sys/kernel/core_pattern" to disable coredumps
by all processes (using kernel 2.4.29).  This seems to affect all
running processes without doing anything drastic or dangerous (except
disabling coredumps =)).  To disable all for all but root processes you
can use something like " /core " instead of " / " in the above example,
but then you may still be vulnerable as Andrew points out to pre-existing
screen or Xwin sessions running as root--not sure about that but better
safe than sorry.

I haven't read the code to see if this is an unintentional effect, but
it sure seems to work under 2.4.29 at least.  I got the idea from this
page:

        http://www.aplawrence.com/Forum/TonyLawrence9.html

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[VulnWatch] Linux kernel ELF core dump privilege elevation, Paul Starzetz Re: Linux kernel ELF core dump privilege elevation, Greg KH Re: Linux kernel ELF core dump privilege elevation, Greg KH Re: Linux kernel ELF core dump privilege elevation, Paul Starzetz Re: Linux kernel ELF core dump privilege elevation (kernel module workaround), Andrew Griffiths Re: Linux kernel ELF core dump privilege elevation (kernel module workaround), chris <=

Previous by Date:	[Full-disclosure] OllyDbg "INT3 AT" Format String Vulnerability, Piotr Bania
Next by Date:	[VulnWatch] Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability, alert7
Previous by Thread:	Re: Linux kernel ELF core dump privilege elevation (kernel module workaround), Andrew Griffiths
Next by Thread:	[Full-disclosure] [DR018] Quartz Composer / QuickTime 7 information leakage, David Remahl
Indexes:	[Date] [Thread] [Top] [All Lists]