[PATCH] Re: Local root exploit with kmod and modutils > 2.1.121

From: Xavier Bestel (xavier.bestel@free.fr)
Date: Thu Nov 16 2000 - 14:08:35 EST

Hi,

as modprobe (insmod) seems to have POSIX args handling, we should perhaps add "--"
to the modprobe cmdline, in order to stop further args processing, and to avoid
mixing a textual argument with an option.
BTW, it should perhaps be generalized.

Xav

--- linux-2.4-test10/kernel/kmod.c Tue Sep 26 01:18:55 2000
+++ linux/kernel/kmod.c Thu Nov 16 19:57:45 2000
@@ -133,7 +133,7 @@
 static int exec_modprobe(void * module_name)
 {
         static char * envp[] = { "HOME=/", "TERM=linux", "PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL };
- char *argv[] = { modprobe_path, "-s", "-k", (char*)module_name, NULL };
+ char *argv[] = { modprobe_path, "-s", "-k", "--", (char*)module_name, NULL };
         int ret;
 
         ret = exec_usermodehelper(modprobe_path, argv, envp);

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Thu Nov 23 2000 - 21:00:11 EST