Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-14 Thread Jon Hart
On Thu, Jul 13, 2006 at 09:57:05PM -0700, Kyle Lutze wrote: It seems that this relies on /etc/cron.d being there? Or is it specific to a crond? I use fcron, which doesn't use /etc/cron.d, and I have been unable to get the exploit to successfully work. 2.6.14 kernel sh: /tmp/sh: No such file or

Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-13 Thread lars brun nielsen
Hi, setting 750 on /etc/cron.* would stop this exploit. /lars if ( !( child = fork() )) { chdir("/etc/cron.d"); prctl(PR_SET_DUMPABLE, 2); sleep(200); exit(1); ___ Full-Disclosure - We believe in it. Charter:

Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-13 Thread Matthew Murphy
On 7/13/06, lars brun nielsen wrote: hi, setting 750 on /etc/cron.* would stop this exploit Incorrect. Did you even try this on ONE vulnerable box? The vulnerability exists BECAUSE the kernel doesn't enforce directory

[Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-13 Thread PERFECT . MATERIAL
Matt Murphy wrote: If you actually bothered to read ANY of the vendor advisories on this issue, you'd know why. The vulnerability exists because the kernel DOES NOT VERIFY write permissions to core dump directories. If your users actually have write permissions to /etc/cron.d, do the world a favor

Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-13 Thread Michal Zalewski
On Thu, 13 Jul 2006, Matthew Murphy wrote: setting 750 on /etc/cron.* would stop this exploit Incorrect. Did you even try this on ONE vulnerable box? The vulnerability exists BECAUSE the kernel doesn't enforce directory permissions when writing a core dump. You cannot chdir to (or access a

Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-13 Thread Matthew Murphy
Michal Zalewski wrote: On Thu, 13 Jul 2006, Matthew Murphy wrote: setting 750 on /etc/cron.* would stop this exploit Incorrect. Did you even try this on ONE vulnerable box? The vulnerability exists BECAUSE the kernel doesn't enforce directory permissions when writing a core dump. You

Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-13 Thread PERFECT . MATERIAL
Dear Matt,This is silly, you are a lying jigaboo. That is of course unless the machine you tested on was compiled with the CONFIG_ALLOW_MATT_MURPHY_TO_RUN_HIS_MOUTH_AND_CHDIR_INTO_NON_EXECUTABLE_DIRECTORIES option. This option hasn't been on by default in any distribution since Redhat 6.2 as far

Re: [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

2006-07-13 Thread Kyle Lutze
It seems that this relies on /etc/cron.d being there? Or is it specific to a crond? I use fcron, which doesn't use /etc/cron.d, and I have been unable to get the exploit to successfully work. 2.6.14 kernel sh: /tmp/sh: No such file or directory I'm running gentoo-sources without selinux or