On Thu, 25 Oct 2001, Thomas Fischbacher wrote: > asmlinkage int sys_ptrace(long request, long pid, long addr, long data) > { > struct task_struct *child; > struct user * dummy = NULL; > int i, ret; > > if(!in_group_p(102))return -EPERM; > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > or with whatever GID that is convenient for you. Then, create the > corresponding group and add to it all the users that you want to be able > to use ptrace on your system. > > > Of course, this will not be in the least bit new to people who ever had a > closer look at the kernel, but for the average paranoid webmaster > anticipating future problems here, it might be interesting to know how > simple it is to get a useful workaround. > Better than recompiling kernel is to write module like I posted here allready (attached again). Just see into no_ptrace function: if (current->euid ==0 ) { return (orig_ptrace)(request, pid, addr, data); } else And change 'if (current->euid ==0)' condition to whatever you like. gcc -c npt.c and insmod ./npt.o. BTW: Solar Designer reminded me that if you have kernel compiled with SMP support you HAVE to compile this module with -D__SMP__ as long as you use current structute which is declared different in such case. What about adding /proc/sys/ptrace, '1' would mean anyone can ptrace, '0' only root? '1' would be default, '0' only for servers. Similar sollution exists in kernel to disable ping... -- Mariusz Wołoszyn Internet Security Specialist, Internet Partners
This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 16:02:42 PDT