You (Ian Jackson) wrote: > Please do not apply Frank Neumann's patch. Hmm, I must have missed something here.
> This will break strace on systems where mmap on /proc/<pid>/mem is > prohibited except to root. (This restriction is part of a security > measure which should be supported, given the history of horrible > security holes with /proc.) This was only the case in a few 2.0.x releases. Later versions have this fixed; mmap on /proc/pid/mem is allowed if you are ptrace'ing the process (since the PTRACE_ATTACH already did the nessecary persission checks) so strace works again. I don't know what the Debian-1.1.8 kernel does (2.0.6 right?) I think we should have a 2.0.21 kernel for Debian-1.1.9 (boot floppy and kernel package). This fixed a hole that has been in Linux up to 2.0.1 or so (including 1.2.13, 1.0.9 etc) where _anyone_ can become root with a simple exploit program. When 2.0.x becomes stable, perhaps I'll post the exploit program so that everyone _has_ to upgrade.. Mike. -- Miquel van | Cistron Internet Services -- Alphen aan den Rijn. Smoorenburg, | mailto:[EMAIL PROTECTED] http://www.cistron.nl/ [EMAIL PROTECTED] | The truth is out there. 42.
