Local root exploit with kmod and modutils > 2.1.121

• Next message: Andrew Morton: "Re: 2.4.0-test11pre2-ac1 and previous problem"
• Previous message: Keith Owens: "Re: 2.4.0-test11pre2-ac1 and previous problem"
• Next in thread: Keith Owens: "Local root exploit with kmod and modutils > 2.1.121"
• Maybe reply: Keith Owens: "Local root exploit with kmod and modutils > 2.1.121"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Content-Type: text/plain; charset=us-ascii

A local root exploit has been found using kernels compiled with kmod
and modutils > 2.1.121. Kernels without kmod and systems using
modutils 2.1.121 are not affected.

Patch against modutils 2.3.19, it should fit any 2.3 modutils.

Index: 19.7/util/meta_expand.c
- --- 19.7/util/meta_expand.c Sun, 10 Sep 2000 12:56:40 +1100 kaos (modutils-2.3/10_meta_expan 1.4 644)
+++ 19.7(w)/util/meta_expand.c Mon, 13 Nov 2000 21:19:41 +1100 kaos (modutils-2.3/10_meta_expan 1.4 644)
@@ -156,12 +156,8 @@ static int glob_it(char *pt, GLOB_LIST *
  */
 int meta_expand(char *pt, GLOB_LIST *g, char *base_dir, char *version)
 {
- - FILE *fin;
- - int len = 0;
- - char *line = NULL;
         char *p;
         char tmpline[PATH_MAX + 1];
- - char tmpcmd[PATH_MAX + 11];
 
         g->pathc = 0;
         g->pathv = NULL;
@@ -277,38 +273,6 @@ int meta_expand(char *pt, GLOB_LIST *g,
                 /* Only "=" remaining, should be module options */
                 split_line(g, pt, 0);
                 return 0;
- - }
- -
- - /*
- - * Last resort: Use "echo"
- - */
- - sprintf(tmpline, "%s%s", (base_dir ? base_dir : ""), pt);
- - sprintf(tmpcmd, "/bin/echo %s", tmpline);
- - if ((fin = popen(tmpcmd, "r")) == NULL) {
- - error("Can't execute: %s", tmpcmd);
- - return -1;
- - }
- - /* else */
- -
- - /*
- - * Collect the result
- - */
- - while (fgets(tmpcmd, PATH_MAX, fin) != NULL) {
- - int l = strlen(tmpcmd);
- -
- - line = (char *)xrealloc(line, len + l + 1);
- - line[len] = '\0';
- - strcat(line + len, tmpcmd);
- - len += l;
- - }
- - pclose(fin);
- -
- - if (line) {
- - /* Ignore result if no expansion occurred */
- - strcat(tmpline, "\n");
- - if (strcmp(tmpline, line))
- - split_line(g, line, 0);
- - free(line);
         }
 
         return 0;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: Exmh version 2.1.1 10/15/1999

iD8DBQE6D8kEi4UHNye0ZOoRAmVTAKCktbi9DI5t0sj8wd1/vjLtgwVW6QCgnO0L
mVbPskoIGSSyTE8I9K7FcAg=
=Z1/L
-----END PGP SIGNATURE-----

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Andrew Morton: "Re: 2.4.0-test11pre2-ac1 and previous problem"
• Previous message: Keith Owens: "Re: 2.4.0-test11pre2-ac1 and previous problem"
• Next in thread: Keith Owens: "Local root exploit with kmod and modutils > 2.1.121"
• Maybe reply: Keith Owens: "Local root exploit with kmod and modutils > 2.1.121"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Nov 15 2000 - 21:00:23 EST