> The original exploit had nothing to do with filenames masquerading as
> options, it was: ping6 -I ';chmod o+w .'. Then somebody pointed out
Why is there any reason that a shell should be invoked anywhere in the
request_module->modprobe->insmod chain?
If implemented correctly, this attack should have the same result as
insmod ';chmod o+w .' (and it should not matter if it gets renamed so
that the actual command executed is insmod 'netdevice-;chmod o+w .')
> The problem is the combination of kernel code passing user space
> parameters through unchanged (promoting user input to root)
Which means that all parts of the chain which deal with possible user
input in elevated privilege mode must do input validation. This means
the kernel _and_ modprobe in my book.
> plus the
> modprobe meta expansion algorithm.
and I see no reason why modprobe should do any such thing, apart from
configurations dealt with in modules.conf anyway.
Olaf
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Nov 15 2000 - 21:00:28 EST