From: Alexander K. <kri...@fr...> - 2012-02-01 05:07:07

Hi.

I am running andLinux/coLinux:

$ uname -a
Linux andLinux 2.6.33.7-co-0.7.10-r1588 #1 PREEMPT Mon Aug 8 04:13:31 UTC 2011 i686 athlon i386 GNU/Linux

But...

$ cat /etc/motd | head -n 1
Welcome to Ubuntu 11.10 (GNU/Linux 2.6.33.7-co-0.7.10-r1588 i686)

Now the problem is so-called "ptrace protection", explained there:
https://wiki.edubuntu.org/SecurityTeam/Roadmap/KernelHardening#ptrace_Protection

I tried to use tools like reptyr and injcode:
https://github.com/nelhage/reptyr#readme
https://github.com/ThomasHabets/injcode#readme

Both of them do not work as expected. My suspicion is that this is due to my combination of coLinux kernel (without yama) and new Ubuntu (relying on yama). I tried to run the tools as root (sudo -i) because I expected ptrace protection to be inactive according to the description at Ubuntu, but to no avail.

My questions are:
1) Can you confirm that my suspicion is correct?
2a) If not, what else might be the reason for my problems?
2b) If so, is there anything I can do about it like downloading a coLinux kernel with built-in yama support from somewhere or asking you to build in yama protection in the future?

Disclaimer: Maybe I am not asking the right questions. Please note that I am a user, not a kernel hacker.

Any help is appreciated. Thanks in advance.
--
Alexander Kriegisch (kriegaex)
http://freetz.org

From: yin s. <sun...@gm...> - 2012-02-03 02:28:32

I guess you are right, there is no yama LSM in 2.6.33.7

/Yin

From: yin s. <sun...@gm...> - 2012-02-03 05:47:53

OK, I tried on my Debian 6.0.3 (latest colinux kernel), rettyer works. And I am sure the colinux doesn't have yama. Whether it has yama or not may not be your problem, since it only provides protection for non-root users. Not sure what else could be wrong, sorry I can't help you more.

/Yin

From: Alexander K. <kri...@fr...> - 2012-02-03 13:37:43

Thanks Yin for testing this and trying to help me.

Probably you mean either reptyr or retty when you mention that you tested this on your system (I do not know a tool named rettyer).

I do not know about Debian 6.0.3, but I guess it does not have yama in its original kernel so there is no damage done if colinux does not have it either. Debian 6.0.3 just does not expect it, so the test is kind of pointless. Let me explain (again) why: I am running Ubuntu 11.10. Its original kernel *does* have yama, so the rest of the system expects it to exist. Probably it checks the return value of /proc/sys/kernel/yama/ptrace_scope, but that "file" does not exist if there is no yama. Now reptyr even knows about yama, showing a warning message if /proc/sys/kernel/yama/ptrace_scope returns 1. As soon as I set it to 0 on my native Ubuntu, reptyr works nicely. I guess it also does on colinux if you use an OS which does not expect yama ptrace protection to be in the kernel, e.g. an older Ubuntu or probably your Debian 6.0.3.

Do you understand the issue at hand now? I hope I made myself clearer now. Maybe you have a clue for me. Is there a way to simulate this "file" /proc/sys/kernel/yama/ptrace_scope and make it always return 0 so Ubuntu and reptyr are satisfied?

Thanks again
--
Alexander

From: Alexander K. <Alexander@Kriegisch.name> - 2012-04-02 09:51:33

Just because I just read an article about the upcoming Linux kernel 3.4, I wanted to mention that Yama now made it into the kernel main line:

http://heise.de/-1498405 (in German)
https://lkml.org/lkml/2012/3/20/510
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2d514487faf188938a4ee4fb3464eeecfbdcf8eb

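
A diagnostic for the situation discussed in this thread, added here as an example (it is not code from any poster, from reptyr or from coLinux): it separates "kernel has no Yama sysctl" from the individual ptrace_scope settings. It goes beyond the values 0 and 1 mentioned in the thread by also covering 2 and 3 from the current mainline Yama documentation; the function names and the optional SYSCTL_ROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify the Yama ptrace state of a system.
# yama_ptrace_status [SYSCTL_ROOT]
#   SYSCTL_ROOT defaults to /proc/sys; the argument exists only so the
#   function can be pointed at a constructed directory tree (hypothetical).
yama_ptrace_status() {
    root=${1:-/proc/sys}
    file=$root/kernel/yama/ptrace_scope

    # A kernel built without the Yama LSM does not expose this sysctl at all.
    if [ ! -e "$file" ]; then
        echo "absent"
        return 0
    fi
    if ! scope=$(cat "$file" 2>/dev/null); then
        echo "unreadable"
        return 0
    fi
    case $scope in
        0) echo "classic" ;;         # same-uid attach permitted
        1) echo "restricted" ;;      # descendants only, unless CAP_SYS_PTRACE
        2) echo "admin-only" ;;      # attach needs CAP_SYS_PTRACE
        3) echo "no-attach" ;;       # attach disabled, cannot be lowered again
        *) echo "unknown:$scope" ;;
    esac
}

# Turn the classification into a hint about a failing ptrace attach.
explain_yama() {
    case $(yama_ptrace_status "$@") in
        absent)     echo "No Yama sysctl: Yama is not what blocks ptrace here." ;;
        classic)    echo "Yama present, scope 0: Yama adds no restriction." ;;
        restricted) echo "Scope 1: non-child attach needs CAP_SYS_PTRACE or scope 0." ;;
        admin-only) echo "Scope 2: only CAP_SYS_PTRACE processes may attach." ;;
        no-attach)  echo "Scope 3: attach is disabled until reboot." ;;
        *)          echo "Could not interpret ptrace_scope." ;;
    esac
    return 0
}

explain_yama
```

On a kernel without Yama, such as the 2.6.33.7 coLinux kernel described above, the first branch is the one that applies.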