From: Alexander K. <Ale...@Kr...> - 2012-04-02 09:51:33

Just because I just read an article about the upcoming Linux kernel 3.4, I wanted to mention that Yama now made it into the kernel main line:

http://heise.de/-1498405 (in German)
https://lkml.org/lkml/2012/3/20/510
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2d514487faf188938a4ee4fb3464eeecfbdcf8eb

Alexander Kriegisch, 03.02.2012 14:37:
> Thanks Yin for testing this and trying to help me.
>
> Probably you mean either reptyr or retty when you mention that you
> tested this on your system (I do not know a tool named rettyer).
>
> I do not know about Debian 6.0.3, but I guess it does not have yama in
> its original kernel so there is no damage done if colinux does not have
> it either. Debian 6.0.3 just does not expect it, so the test is kind of
> pointless. Let me explain (again) why: I am running Ubuntu 11.10. Its
> original kernel *does* have yama, so the rest of the system expects it
> to exist. Probably it checks the return value of
> /proc/sys/kernel/yama/ptrace_scope, but that "file" does not exist if
> there is no yama. Now reptyr even knows about yama, showing a warning
> message if /proc/sys/kernel/yama/ptrace_scope returns 1. As soon as I
> set it to 0 on my native Ubuntu, reptyr works nicely. I guess it also
> does on colinux if you use an OS which does not expect yama ptrace
> protection to be in the kernel, e.g. an older Ubuntu or probably your
> Debian 6.0.3.
>
> Do you understand the issue at hand now? I hope I made myself clearer
> now. Maybe you have a clue for me. Is there a way to simulate this
> "file" /proc/sys/kernel/yama/ptrace_scope and make it always return 0 so
> Ubuntu and reptyr are satisfied?
>
> Thanks again
> --
> Alexander
>
>
> yin sun, 03.02.2012 06:47:
>> OK, I tried on my debian 6.0.3 (latest colinux kernel), rettyer works.
>> And I am sure the colinux doesn't have yama. Whether have yama or not
>> may not be your problem.
>> Since it only provides protection for non root user.
>> Not sure what else could be wrong, sorry can't help you more.
>>
>> /Yin
>>
>>
>>
>> On Thu, Feb 2, 2012 at 6:28 PM, yin sun <sun...@gm...> wrote:
>>> I guess you are right, there is no yama LSM in 2.6.33.7
>>>
>>> /Yin
>>>
>>> On Tue, Jan 31, 2012 at 8:48 PM, Alexander Kriegisch
>>> <kri...@fr...> wrote:
>>>> Hi.
>>>>
>>>> I am running andLinux/coLinux:
>>>>
>>>> $ uname -a
>>>> Linux andLinux 2.6.33.7-co-0.7.10-r1588 #1 PREEMPT Mon Aug 8 04:13:31 UTC 2011 i686 athlon i386 GNU/Linux
>>>>
>>>> But...
>>>>
>>>> $ cat /etc/motd | head -n 1
>>>> Welcome to Ubuntu 11.10 (GNU/Linux 2.6.33.7-co-0.7.10-r1588 i686)
>>>>
>>>> Now the problem is so-called "ptrace protection", explained there:
>>>> https://wiki.edubuntu.org/SecurityTeam/Roadmap/KernelHardening#ptrace_Protection
>>>>
>>>> I tried to use tools like reptyr and injcode:
>>>> https://github.com/nelhage/reptyr#readme
>>>> https://github.com/ThomasHabets/injcode#readme
>>>>
>>>> Both of them do not work as expected. My suspicion is that this is due to my combination of coLinux kernel (without yama) and new Ubuntu (relying on yama). I tried to run the tools as root (sudo -i) because I expected ptrace protection to be inactive according to the description at Ubuntu, but to no avail.
>>>>
>>>> My questions are:
>>>> 1) Can you confirm that my suspicion is correct?
>>>> 2a) If not, what else might be the reason for my problems?
>>>> 2b) If so, is there anything I can do about it like downloading a coLinux kernel with built-in yama support from somewhere or asking you to build in yama protection in the future?
>>>>
>>>> Disclaimer: Maybe I am not asking the right questions. Please note that I am a user, not a kernel hacker.
>>>>
>>>> Any help is appreciated. Thanks in advance.
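
Added example, not part of the original thread and not code from reptyr or coLinux: a shell check for the situation discussed above, reporting whether /proc/sys/kernel/yama/ptrace_scope exists and whether attaching to a non-child process would be permitted for a given uid. The function name and its procroot argument are assumptions made for this example, and uid 0 is used as a stand-in for holding CAP_SYS_PTRACE.

```shell
#!/bin/sh
# Added example. Scope meanings (0-3) follow the kernel's Yama documentation.
# yama_attach_verdict and its arguments are hypothetical names for this example.

# yama_attach_verdict [procroot] [uid]
#   procroot: where procfs is mounted (default /proc; overridable for testing)
#   uid:      effective uid of the tracer (default: current user);
#             uid 0 is assumed to hold CAP_SYS_PTRACE
yama_attach_verdict() {
    procroot=${1:-/proc}
    uid=${2:-$(id -u)}
    f="$procroot/sys/kernel/yama/ptrace_scope"

    # No sysctl file: the kernel has no Yama (the coLinux 2.6.33.7 case in
    # the thread), so only the classic same-uid ptrace checks apply.
    if [ ! -e "$f" ]; then
        echo "no-yama: classic ptrace rules apply"
        return 0
    fi

    # Strip whitespace; an unreadable file leaves scope empty.
    scope=$(tr -d ' \t\r\n' 2>/dev/null < "$f") || scope=
    case "$scope" in
        0) echo "scope=0: classic ptrace rules apply" ;;
        1) if [ "$uid" -eq 0 ]; then
               echo "scope=1: allowed for root (CAP_SYS_PTRACE)"
           else
               echo "scope=1: denied, only descendants may be traced"
           fi ;;
        2) if [ "$uid" -eq 0 ]; then
               echo "scope=2: allowed for root (CAP_SYS_PTRACE)"
           else
               echo "scope=2: denied, admin-only attach"
           fi ;;
        3) echo "scope=3: denied for everyone, attach disabled" ;;
        *) echo "unknown: unreadable or unexpected value" ;;
    esac
    return 0
}

# Report for the running system and the current user.
yama_attach_verdict
```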