Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Linux kernel ELF core dump privilege elevation (kernel module workaround)
From: chris <fool () dfw net>
Date: Thu, 12 May 2005 17:31:58 -0500

On Thu, May 12, 2005 at 12:29:02AM +0000, Andrew Griffiths wrote:
 
It loops over all processes and sets the soft limit and hard limit for
processes to 0. The limits.conf measure isn't entirely enough if people
have screen sessions, or you have various daemons running etc. 
 
We've used "echo / > /proc/sys/kernel/core_pattern" to disable coredumps
by all processes (using kernel 2.4.29).  This seems to affect all
running processes without doing anything drastic or dangerous (except
disabling coredumps =)).  To disable all for all but root processes you
can use something like " /core " instead of " / " in the above example,
but then you may still be vulnerable as Andrew points out to pre-existing
screen or Xwin sessions running as root--not sure about that but better
safe than sorry.

I haven't read the code to see if this is an unintentional effect, but
it sure seems to work under 2.4.29 at least.  I got the idea from this
page:

        http://www.aplawrence.com/Forum/TonyLawrence9.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault