Difference between revisions of "Vuln kernel harden ptrace"
m |
m (→Plesk) |
||
(One intermediate revision by one user not shown) | |||
Line 7: | Line 7: | ||
== Plesk == | == Plesk == | ||
− | Parallels has added in an anti-reverse engineering feature in its products. Unfortunately, their implementation requires that they | + | Parallels has added in an anti-reverse engineering feature in its products. Unfortunately, their implementation requires that they be able to attack to ptrace processes that are not a descendent of the ptracing process. Which is exactly what this protection prevents. |
− | Therefore to use their products, you must open this hole in your system and disable PTRACE_HARDEN. This is not a bug in ASL. ASL is doing exactly what its supposed to do. This is a vulnerability in Parallels products. | + | They have added this to prevent people from debugging Parallels products. |
+ | |||
+ | Therefore to use their products, you must open this hole in your system and disable PTRACE_HARDEN. This is not a bug in ASL. ASL is doing exactly what its supposed to do. This is a vulnerability in Parallels products. | ||
== Additional Information == | == Additional Information == | ||
− | See this [https://atomicorp.com/forums/viewtopic.php?f=3&t=4636&p=26867 | + | See this [https://atomicorp.com/forums/viewtopic.php?f=3&t=4636&p=26867#p26867 forum post]. |
= Next Steps = | = Next Steps = |
Latest revision as of 14:38, 27 December 2012
Contents |
[edit] Kernel ptrace() restrictions are not enforced
The ASL kernel can enforce limitations on certain debugging capabilities to prevent them from being used to compromise the system. One of these is ptrace() function. When this protection is enabled TTY sniffers and other malicious monitoring programs implemented through ptrace will be defeated. This option only affects the ability of non-root users to ptrace processes that are not a descendent of the ptracing process. This means strace ./binary and gdb ./binary will still work, but attaching to arbitrary processes will not.
Non-ASL kernels do not have this protective capability. Attackers can use this capability to attach to running processes and either steal information from the processes, potentially gaining information such as password, encryption keys and other sensitive information, or they may be able to potentially compromise the system or applications on the system.
[edit] Plesk
Parallels has added in an anti-reverse engineering feature in its products. Unfortunately, their implementation requires that they be able to attack to ptrace processes that are not a descendent of the ptracing process. Which is exactly what this protection prevents.
They have added this to prevent people from debugging Parallels products.
Therefore to use their products, you must open this hole in your system and disable PTRACE_HARDEN. This is not a bug in ASL. ASL is doing exactly what its supposed to do. This is a vulnerability in Parallels products.
[edit] Additional Information
See this forum post.
[edit] Next Steps
First check to see if you are using the ASL kernel by going to this link.
If you are not running the ASL kernel:
Please reboot your system into the ASL kernel.
Note: If you have a VPS system, you will not have your own kernel. Please install ASL on the host server.
If you are running the ASL kernel:
Log into the ASL GUI, click on Configuration and select the ASL configuration menu option. This will open the ASL configuration screen. Scroll down to HARDEN_PTRACE and set this to "yes" then click update. You will need to reboot your server for this setting to be implemented on the server.