Root Hole In Linux Kernels

         

jimmykav

8:57 pm on Mar 18, 2003 (gmt 0)




Slashdot is reporting a problem that allows an attacker to gain root privileges.

littleman

9:11 pm on Mar 18, 2003 (gmt 0)



Sorry, but how about a link to the security issue-- or at least some more details?

littleman

9:16 pm on Mar 18, 2003 (gmt 0)




To: linux-kernel@vger.kernel.org
Subject: Ptrace hole / Linux 2.2.25
From: Alan Cox
Date: Mon, 17 Mar 2003 11:04:35 -0500 (EST)
Sender: linux-kernel-owner@vger.kernel.org

-----------------------

Vulnerability: CAN-2003-0127

The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows
local users to obtain full privileges. Remote exploitation of this hole is
not possible. Linux 2.5 is not believed to be vulnerable.

Linux 2.2.25 has been released to correct Linux 2.2. It contains no other
changes. The bug fixes that would have been in 2.2.5pre1 will now appear in
2.2.26pre1. The patch will apply directly to most older 2.2 releases.

A patch for Linux 2.4.20/Linux 2.4.21pre is attached. The patch also
subtly changes the PR_SET_DUMPABLE prctl. We believe this is necessary and
that it will not affect any software. The functionality change is specific
to unusual debugging situations.

We would like to thank Andrzej Szombierski who found the problem, and
wrote an initial patch. Seth Arnold cleaned up the 2.2 change. Arjan van
de Ven and Ben LaHaise identified additional problems with the original
fix.

Alan

littleman

9:20 pm on Mar 18, 2003 (gmt 0)



[spinics.net...]
The link is dead right now, no doubt because of high traffic volume.

Looks like it is a local vulnerability, where an unprivileged user could gain root access.

jimmykav

8:53 am on Mar 19, 2003 (gmt 0)




littleman, the link from Slashdot was dead, which is why I didn't post it in my original message.

bird

12:45 pm on Mar 19, 2003 (gmt 0)




This hole allows local users to obtain full privileges.

Which means that you already need a valid account on the system to take advantage of the problem. No issue at all for machines that just act as web servers etc. without allowing people to log in with a shell.

(not that admins shouldn't install the patch anyway, mind you...;))

Duckula

5:08 pm on Mar 19, 2003 (gmt 0)




<paranoid mode> Yeah, well, I'm in a shared server with SSH access, so I've just made a tar -cvf backup.tar . && bzip2 backup.tar just in case... I just hope it's not too late :) </paranoid mode>

<added> LOL, I meant that I downloaded it just after doing it...</added>

[edited by: Duckula at 7:08 pm (utc) on Mar. 19, 2003]

EliteWeb

5:26 pm on Mar 19, 2003 (gmt 0)




bird, don't go in with that attitude on security. If nobody can reach the box because nobody has accounts or they're trusted. Your services run under accounts; if anything running on those services can be exploited, a simple entry point is made that could exploit this security issue with ease. It's suggested everyone who runs a box or is running Unix for their server bring this to their system administrator's attention and ask for them to reply when it is indeed patched, fixed, upgraded, updated and whatnot. :P I love security :) but if your server is anywhere accessible to the net you're at risk. :)

Duckula, make sure that backup is somewhere not on the server, just in case it were to crash or get deleted. I've seen oOoh too many times people doing local backups; doesn't do much good when the server's data disappears :) If ya did offsite backup then you rock!