Applying the enclosed diff against 2.1.97 + Adam's patches results in a
perfectly functional system. The question of security holes is one I'll
leave to the philosophers.
Thanks to r~ for the suggestions!
Steve
--- kmod_97.c-nodaemon Mon Apr 20 19:56:45 1998
+++ kmod.c Wed Apr 22 18:22:31 1998
@@ -55,15 +55,8 @@
use_init_file_context();
- /* Prevent parent user process from sending signals to child.
- Otherwise, if the modprobe program does not exist, it might
- be possible to get a user defined signal handler to execute
- as the super user right after the execve fails if you time
- the signal just right.
- */
- spin_lock_irq(¤t->sigmask_lock);
- sigfillset(¤t->blocked);
- spin_unlock_irq(¤t->sigmask_lock);
+ flush_signals(current);
+ flush_signal_handlers(current);
set_fs(KERNEL_DS); /* Allow execve args to be in kernel space. */
current->uid = current->euid = 0;
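Review bot: the added `flush_signals(current);` and `flush_signal_handlers(current);` lines replace the sigfillset() block without any comment, while the removed comment was the only record of why signals matter at this point (a user-defined handler running as the super user if the execve fails). Suggest keeping a short comment saying that the handlers are flushed so that case cannot arise. Separately, with `current->blocked` no longer filled, nothing visible in this hunk stops the parent from sending a signal after flush_signals() and before the exec. It is worth confirming that the default action for a signal arriving in that window is acceptable, given that uid and euid are set to 0 on the line just below.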