Hi, sorry for being so penetrating about this issue.
I have some really obscure thing here. I downloaded http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.20.tar.bz2 http://www.kernel.org/pub/linux/kernel/v2.4/testing/patch-2.4.21-rc2.bz2 to get rid of that ptrace bug. ok, I compiled it using kpkg-make, I tryid it several time and also WITHOUT odule support, but look what happens (I post the compile-process, maybe I did something wrong as I am not such an expert on these things): cd /usr/src/ tar --bzip2 -xvf linux-2.4.20.tar.bz2 bzip2 -dc patch-2.4.21-rc2.bz2 | patch -p0 cd /usr/src/kernel... make-kpkg clean make menuconfig make-kpkg clean fakeroot make-kpkg --append_to_version -X-01 \ --revision=rev.01 kernel_image dpkg -i kernel-image-2.4.21-X-01_rev.01_i386.deb shutdown -r now. ok, I login as root, just to check the system: uname -r 2.4.21-rc2-X-01 woody:~# /sbin/lsmod Module Size Used by Not tainted lsmod: QM_MODULES: Function not implemented OK, I disabled modules in kernel... then i login as some user... [EMAIL PROTECTED]:~$ id uid=999(xxx) gid=999(xxx) groups=999(xxx) [EMAIL PROTECTED]:~$ [EMAIL PROTECTED]:~$ cd /new/ptrace/isec-ptrace-kmod-exploit [-] Fatal error: Unknown error 125 Killed ok, looks good. But immediatly after this the system gets eaten up by the process started by this exploit, which is using 99% CPU. Did I something wrong? Or is this exploit, if not for a root shell, still good for a local DOS? Have a nice thread, Peter
