Andre Hedrick wrote:
> On Thu, 20 Jul 2000, Paul Jakma wrote:
>
> > On Wed, 19 Jul 2000, Andre Hedrick wrote:
> >
> > >
> > > Here is the rouge program that can be slipped into CRON.
> > > A perl script......you name the access point and it gets permission
> > > KISS your DATA GONE!
> > >
> >
> > it needs root right? so with this util root can trash the disk.. so what's
> > new?
>
> All you have to do is trick the kernel into thinking the access is root.
Whenever I trick the kernel to think that I'm Accessing something as
root, I have instant permanent Root-access. Wether I can write to ONE
disk block (which happens to contain the inode of the copy of /bin/sh
that I have prepared in my homedir) or I can change the "current->uid"
in main memory.
Whenever I trick the kernel into thinking I'm root for an instant,
that can be leveraged to "permanent root" and/or a wipe of the disk.
I hope that "sending raw packets to the disk" is a priviledged
operation, and not something that simply depends on the permissions on
the disk device?
Roger.
-- ** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 ** *-- BitWizard writes Linux device drivers for any device you may have! --* * Common sense is the collection of * ****** prejudices acquired by age eighteen. -- Albert Einstein ********- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:14 EST