Re: Modprobe local root exploit

From: Keith Owens (kaos@ocs.com.au)
Date: Thu Nov 16 2000 - 01:14:54 EST


On 15 Nov 2000 22:04:47 -0800,
"H. Peter Anvin" <hpa@zytor.com> wrote:
>No, it's correct, actually, but probably not what you want. It will
>include all letters [A-Za-z], but if a module named "ärlig"...

Trying to sanitise the module name in request_module is the wrong fix
anyway, the kernel can ask for any module name it likes. What it must
not do is treat user supplied input _unchanged_ as a module name.

modutils 2.3.20 (just released) fixes all the known local root
exploits, without kernel changes. However 2.3.20 does nothing about
this problem: "ping6 -I module_name" which lets any user load any
module. That problem exists because the kernel passes user supplied
data unchanged to request_module. The only fix is to add a prefix to
user supplied input (say 'user-interface-') before passing the text to
request_module. This has to be fixed in the higher layers of the
kernel, it cannot be fixed in request_module or modprobe.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
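
The prefix fix proposed in the message above, as an added example that is not part of the original post and is not kernel or modutils code. The `resolve` function is a simplified, hypothetical model of modprobe's alias and module lookup, and the module and alias names are constructed sample data; only the 'user-interface-' prefix comes from the message.

```c
#include <stdio.h>
#include <string.h>

/* Prefix suggested in the message; everything else here is hypothetical. */
#define USER_REQ_PREFIX "user-interface-"

/* Constructed sample data: modules on disk and admin-configured aliases. */
static const char *installed[] = { "eth0_driver", "vfat", "ppp", NULL };
static const struct { const char *from, *to; } aliases[] = {
    { "user-interface-eth0", "eth0_driver" },
    { NULL, NULL }
};

/* Simplified model of modprobe: try aliases first, then a literal module name. */
static const char *resolve(const char *request)
{
    for (int i = 0; aliases[i].from; i++)
        if (strcmp(request, aliases[i].from) == 0)
            return aliases[i].to;
    for (int i = 0; installed[i]; i++)
        if (strcmp(request, installed[i]) == 0)
            return installed[i];
    return NULL; /* nothing is loaded */
}

/* Before: user text reaches the loader unchanged, so it can name any module. */
static const char *load_unprefixed(const char *user_text)
{
    return resolve(user_text);
}

/* After: the caller namespaces user text; only admin-defined aliases can match. */
static const char *load_prefixed(const char *user_text)
{
    char req[64];
    int n = snprintf(req, sizeof req, USER_REQ_PREFIX "%s", user_text);
    if (n < 0 || (size_t)n >= sizeof req)
        return NULL; /* fail closed rather than request a truncated name */
    return resolve(req);
}

int main(void)
{
    const char *r;
    printf("unprefixed vfat -> %s\n", (r = load_unprefixed("vfat")) ? r : "(none)");
    printf("prefixed   vfat -> %s\n", (r = load_prefixed("vfat")) ? r : "(none)");
    printf("prefixed   eth0 -> %s\n", (r = load_prefixed("eth0")) ? r : "(none)");
    return 0;
}
```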


