Re: Testers wanted: exorcised kmod.c: no more daemon!

Adam J. Richter (adam@yggdrasil.com)
Tue, 14 Apr 1998 09:35:43 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeff Morriss: "Re: Per process mount options?"
Previous message: Linus Torvalds: "Re: symlinks."

bytor@logicsouth.com:
>I'm no security expert, but couldn't something like this add a possible
>security hole? "Hey, they are running linux 2.[1,2]... I know he has rmmod
>cron'd as root."

If you can put a trojan horse in rmmod, you could already
get root before, because:

1. rmmod is always executed as root (this involves
waiting for someone to do an rmmod), and
2. rmmod is a hard link to insmod, which is called
by modprobe, which is exec'ed by every version of
kmod whenever a module is requested.

Adam J. Richter __ ______________ 4880 Stevens Creek Blvd, Suite 205
adam@yggdrasil.com \ / San Jose, California 95129-1034
+1 408 261-6630 | g g d r a s i l United States of America
fax +1 408 261-6631 "Free Software For The Rest Of Us."

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu

Next message: Jeff Morriss: "Re: Per process mount options?"
Previous message: Linus Torvalds: "Re: symlinks."