Linux Kernel 2.2.x – Non-Readable File Ptrace Local Information Leak
漏洞ID | 1053492 | 漏洞类型 | |
发布时间 | 2000-11-30 | 更新时间 | 2000-11-30 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Linux | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/2044/info
Ptrace is a unix system call that is used to analyze running processes, usually for breakpoint debugging. The linux implementation of ptrace in 2.2.x kernels (and possibly earlier versions) contains a vulnerability that may allow an attacker to gain sensitive information in non-readable non-setuid executable files.
For security reasons, regular users are not allowed to ptrace setuid programs (or attach to processes running as another uid) nor are they allowed to trace processes originating from un-readable disk images (binary files). These restrictions are properly enforced in Linux ptrace when using PT_ATTACH to trace aribtrary non-children processes in memory.
When ptrace is called to trace a child process however, it does not properly check to make sure that the disk image is readable to the user. As a result, the process can be traced and its core memory examined. Information compiled into the binary that was meant to be hidden via setting it non-readable may be disclosed to an attacker.
The information obtained could be used to assist in other attacks.
Trace on non-readable file using PT_ATTACH:
$ ls -l testfile
-rwx--x--x 1 root root 216916 Dec 4 11:59 testfile
$ ./testfile
waiting..
From another shell:
$ strace -p 11535 <---process ID of "testfile" process
attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted <---Because testfile isn't readable. Good, secure behaviour
---------------
Trace on non-readable file as child process:
$ strace testfile
SYS_197(0x3, 0xbffff650, 0x40197d40, 0x80cca38, 0x3) = -1 ENOSYS (Function not implemented)
fstat(3, {st_mode=S_IFREG|0644, st_size=1744, ...}) = 0
mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40015000
..
相关推荐: Compaq Management Agents for Netware Plaintext Password Vulnerability
Compaq Management Agents for Netware Plaintext Password Vulnerability 漏洞ID 1103729 漏洞类型 Design Error 发布时间 2000-11-06 更新时间 2000-11-…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666