Re: Flaws in recent Linux kernels

From: Mariusz Woloszyn (emsiat_private)
Date: Fri Oct 26 2001 - 03:55:11 PDT


    On Thu, 25 Oct 2001, Thomas Fischbacher wrote:
    
    > asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
    > {
    >         struct task_struct *child;
    >         struct user * dummy = NULL;
    >         int i, ret;
    > 
    >         if(!in_group_p(102))return -EPERM;
    >         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    > 
    > or with whatever GID that is convenient for you. Then, create the
    > corresponding group and add to it all the users that you want to be able
    > to use ptrace on your system.
    > 
    > 
    > Of course, this will not be in the least bit new to people who ever had a
    > closer look at the kernel, but for the average paranoid webmaster
    > anticipating future problems here, it might be interesting to know how
    > simple it is to get a useful workaround.
    > 
    Better than recompiling the kernel is to write a module like the one I
    posted here already (attached again).
    
    Just look into the no_ptrace function:
            if (current->euid ==0 ) {
                    return (orig_ptrace)(request, pid, addr, data);
            } else
    
    And change 'if (current->euid ==0)' condition to whatever you like.
    
    gcc -c npt.c and insmod ./npt.o.
    
    BTW: Solar Designer reminded me that if you have a kernel compiled with SMP
    support you HAVE to compile this module with -D__SMP__ as long as you use
    the current structure, which is declared differently in such a case.
    
    What about adding /proc/sys/ptrace, where '1' would mean anyone can ptrace
    and '0' only root? '1' would be the default, '0' only for servers. A similar
    solution exists in the kernel to disable ping...
    
    --
    Mariusz Wołoszyn
    Internet Security Specialist, Internet Partners
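
Added example, not part of the original message and not the attached npt.c: a userspace C model of the check-then-forward wrapper discussed in this thread, covering the GID check from the quoted patch, the euid check in no_ptrace, and the proposed '1'/'0' switch. All struct and function names are hypothetical, and the model mirrors only the decision logic, not real kernel interfaces.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>

/* Userspace model only, not kernel code; every name below is hypothetical. */
enum gate_policy { GATE_ROOT_ONLY, GATE_GROUP, GATE_TOGGLE };

struct cred_model {            /* stands in for the kernel's `current` */
    uid_t euid;
    gid_t fsgid;               /* assumption: in_group_p() also matches this */
    const gid_t *groups;       /* supplementary groups */
    size_t ngroups;
};

struct gate_cfg {
    enum gate_policy policy;
    gid_t allowed_gid;         /* GATE_GROUP: 102 in the quoted patch */
    int toggle;                /* GATE_TOGGLE: 1 = anyone, 0 = only root */
};

typedef long (*ptrace_fn)(long request, long pid, long addr, long data);
/* Stand-in for the saved original handler (orig_ptrace in the post). */
static long orig_ptrace_model(long request, long pid, long addr, long data)
{
    (void)request; (void)pid; (void)addr; (void)data;
    return 0;                  /* pretend the real call succeeded */
}

static int in_group(const struct cred_model *c, gid_t gid)
{
    if (c->fsgid == gid)
        return 1;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return 1;
    return 0;
}

/* The gate runs first, so a refused caller gets -EPERM for every request. */
long gated_ptrace(const struct cred_model *c, const struct gate_cfg *cfg,
                  ptrace_fn orig, long request, long pid, long addr, long data)
{
    int ok;
    if (cfg->policy == GATE_GROUP)   /* no root exemption, as in the patch */
        ok = in_group(c, cfg->allowed_gid);
    else
        ok = c->euid == 0 || (cfg->policy == GATE_TOGGLE && cfg->toggle == 1);
    return ok ? orig(request, pid, addr, data) : -EPERM;
}
```

Under the group policy a root process that is not in the chosen group is refused as well, because the quoted check tests group membership only.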
    
    
    



    This archive was generated by hypermail 2b30 : Fri Oct 26 2001 - 16:02:42 PDT