1.)
If you happen to use grsecurity, you have two kernel options for
controlling ptrace:
GRKERNSEC_AUDIT_PTRACE "Ptrace logging"
If you say Y here, all attempts to attach to a process via ptrace
will be logged. If the sysctl option is enabled, a sysctl option
with nam
El 24/01/12 12:52, Kevin Chadwick escribió:
> On Tue, 24 Jan 2012 09:33:36 +0100
> "Tóth Attila" wrote:
>
>> My only concern against bruteforce protection is the possiblity of a DoS.
>> But it's always better to get DoSed, than to get bruteforced...
> Is ptrace disabled on hardened gentoo too?
>
No
On Tue, 24 Jan 2012 09:33:36 +0100
"Tóth Attila" wrote:
> My only concern against bruteforce protection is the possiblity of a DoS.
> But it's always better to get DoSed, than to get bruteforced...
Is ptrace disabled on hardened gentoo too?
--
Kc
2012.Január 24.(K) 08:26 időpontban pagee...@freemail.hu ezt írta:
> On 24 Jan 2012 at 2:35, Francesco R.(vivo) wrote:
>
>> BTW this in "vanilla" gentoo does not work because of the permission of
>> the su
>> file:
>> ls -l /usr/bin/su
>> -rws--x--x 1 root root 36776 18 gen 21.31 /usr/bin/su
>>
>>
On 24 Jan 2012 at 2:35, Francesco R.(vivo) wrote:
> BTW this in "vanilla" gentoo does not work because of the permission of the
> su
> file:
> ls -l /usr/bin/su
> -rws--x--x 1 root root 36776 18 gen 21.31 /usr/bin/su
>
> readelf cannot read the address, but there can be other ways to access the
2012.Január 24.(K) 02:35 időpontban Francesco R.(vivo) ezt írta:
> On Tuesday 24 January 2012 00:49:19 Tóth Attila wrote:
>> Please take a look at on this exploit:
>> http://blog.zx2c4.com/749
>> It is interesting to think about /proc/pid/mem protection and about
>> building su with PIE enabled...
On Tuesday 24 January 2012 00:49:19 Tóth Attila wrote:
> Please take a look at on this exploit:
> http://blog.zx2c4.com/749
> It is interesting to think about /proc/pid/mem protection and about
> building su with PIE enabled...
>
> Regards:
> Dw.
BTW this in "vanilla" gentoo does not work because
Please take a look at on this exploit:
http://blog.zx2c4.com/749
It is interesting to think about /proc/pid/mem protection and about
building su with PIE enabled...
Regards:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057
