If you compiled and ran the resulting binary before upgrading your kernel, the isec-ptrace-kmod-exploit binary may already be set[ug]id, which is a side effect of running it. Make sure it's not +s and/or g+s, or better yet just remove it and recompile it.
--- LeVA <[EMAIL PROTECTED]> wrote:
> Hello!
>
> I have patched my kernel (2.4.20) with this patch:
> http://www.kernel.org/pub/linux/kernel/v2.4/testing/cset/cset-1.1076.txt
> It compiles correctly.
> Now I have downloaded the km3.c and isec-ptrace-kmod-exploit.c
> The km3.c doesn't write the OK! stuff, and it could run forever
> starting child processes...
> But the 'isec-ptrace-kmod-exploit.c' runs like this:
> $ ./isec-ptrace-kmod-exploit
> sh-2.05a#
>
> So it dropped me a root shell. Well it is not good I think, after the
> patch...
>
> I heard another way to stop this exploit:
>
> The /proc/sys/kernel/modprobe contains a path for the modprobe
> executable. If I change it to /var/tmp for example, the exploit
> won't work.
>
> Now this is true on most of my boxes. I didn't need to patch my
> kernels, because this workaround helped me.
> But in one box, this doesn't work either.
> So, to be clear. I have a box with 2.4.20 (patched) kernel, and the
> exploit works fine.
> What should I do?
>
> Sorry for my terrible English, I hope you understand the brief of the
> message.
>
> Daniel
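The check the reply recommends (make sure a leftover test binary is not set[ug]id before trusting a re-test on the patched kernel), as an added example that is not part of the original thread. The function names are hypothetical and the directory to scan is supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): find and clear set[ug]id bits left
# on test binaries, so a re-test reflects the kernel and not a stale file.

# Print every regular file under DIR that is setuid or setgid.
list_sugid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Return 0 if FILE carries a setuid or setgid bit.
has_sugid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# Clear both bits on FILE, then confirm they are really gone.
strip_sugid() {
    chmod u-s,g-s "$1" || return 1
    ! has_sugid "$1"
}

# Clear every set[ug]id file under DIR and report each path handled.
# Returns non-zero if any file could not be cleaned.
clean_dir() {
    list_sugid "$1" | (
        rc=0
        while IFS= read -r f; do
            if strip_sugid "$f"; then
                echo "cleared: $f"
            else
                echo "FAILED:  $f" >&2
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Stand-alone use: pass the directory that holds the compiled test binary.
if [ "$#" -gt 0 ]; then
    clean_dir "$1"
fi
```

Removing the binary and recompiling, as the reply suggests, avoids relying on the old file at all.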