
Bugtraq mailing list archives

Re: Process hiding in linux
From: pavel () UCW CZ (Pavel Machek)
Date: Mon, 20 Mar 2000 13:05:36 +0100


Hi!

/proc/pid allows strange tricks (2.3.49):

pavel () bug:~/misc$ ps aux | grep grep
Warning: /boot/System.map has an incorrect kernel version.
Warning: /usr/src/linux/System.map has an incorrect kernel version.

... interesting bits about /proc/$PID/status interface and how having
an open filehandle to a defunct proc's status can hide info from ps ...

1) The 2.3.x series [like all N.M.x kernels where ((M % 2) == 1)] are
   development kernels, not for production use.

I know _that_. And? This bug is 99% going to be in 2.4.0.

2) The 2.3.x development tree is up to 2.3.99-pre1, according to
   http://www.kernel.org/ (Granted, 2.3.49 was only superseded nine
   days ago, and 2.3.99-pre1 appears to really be 2.3.52, but that just
   goes to illustrate that this is a developers' alpha release.)

I do read released patches, and when something would drastically
change in fs/proc, I would probably notice.

In other words, check it on the current code (and what's up with having
the wrong System.map installed?) and post to the linux kernel-dev mailing
list if the dev kernel seems to have a bug. If they ignore you and seem
happy to release what you believe to be a product with a security flaw,
let the world know.

I already did that a week or so ago.

                                                                Pavel

--
The best software in life is free (not shareware)!              Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+


