Re: Modprobe local root exploit

From: Peter Samuelson (peter@cadcamlab.org)
Date: Mon Nov 13 2000 - 14:46:30 EST

Next message: Szabolcs Szakacsits: "[PATCH] Re: reliability of linux-vm subsystem"
Previous message: Ingo Oeser: "Re: State of Posix compliance in v2.2/v2.4 kernel?"
In reply to: Torsten Duwe: "Re: Modprobe local root exploit"
Next in thread: Daniel Phillips: "Re: Modprobe local root exploit"
Reply: Daniel Phillips: "Re: Modprobe local root exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[Torsten Duwe]
> >>>>> "Francis" == Francis Galiegue <fg@mandrakesoft.com> writes:
>
> >> + if ((*p & 0xdf) >= 'a' && (*p & 0xdf) <= 'z') continue;
>
> Francis> Just in case... Some modules have uppercase letters too :)
>
> That's what the &0xdf is intended for...

It's wrong, then: you've converted to uppercase, not lowercase.

request_module is not a fast path. Do it the obvious, unoptimized way:

  if ((*p < 'a' || *p > 'z') &&
      (*p < 'A' || *p > 'Z') &&
      (*p < '0' || *p > '9') &&
      *p != '-' && *p != '_')
    return -EINVAL;

Peter
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: Szabolcs Szakacsits: "[PATCH] Re: reliability of linux-vm subsystem"
Previous message: Ingo Oeser: "Re: State of Posix compliance in v2.2/v2.4 kernel?"
In reply to: Torsten Duwe: "Re: Modprobe local root exploit"
Next in thread: Daniel Phillips: "Re: Modprobe local root exploit"
Reply: Daniel Phillips: "Re: Modprobe local root exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Nov 15 2000 - 21:00:24 EST