From: Kyle Sparger [ksparger@DIALTONEINTERNET.NET]
Sent: Thursday, June 08, 2000 2:42 PM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: Sendmail 8.10.2, Linux 2.4.0 - capabilities

> My first shot at Linux kernel hacking - were there any other tweaks to
> close this hole? ;)

I don't know what all the consequences of this are, but the module below
will disable the capset system call (which I think is necessary for the
exploit).  This is also my first shot at kernel hacking -- if I did
something stupid, please educate rather than flame :)

Note that I don't know what all uses the capabilities code, but I've been
running this module on my system here for a few hours without consequence.

Thanks,

Kyle Sparger - Senior System Administrator
Dialtone Internet - Extremely Fast Web Systems
(954) 581-0097 - Voice (954) 581-7629 - Fax
ksparger@dialtoneinternet.net
http://www.dialtoneinternet.net

---------------------------------------
bogus_capset.c, compile:

gcc -DMODULE -c bogus_capset.c

---------------------------------------

#include <linux/kernel.h>
#include <linux/module.h>

#include <sys/syscall.h>
#include <linux/linkage.h>
#include <linux/errno.h>

#include <sys/syscall.h>

extern void *sys_call_table[];

asmlinkage int bogus_capset()
{
	return -EPERM;
}

int init_module()
{
  sys_call_table[__NR_capset] = bogus_capset;

  return 0;
}

void cleanup_module()
{
}