Re: Local root exploit with kmod and modutils > 2.1.121

From: Alan Cox (alan@lxorguk.ukuu.org.uk)
Date: Thu Nov 16 2000 - 11:04:23 EST

Next message: Jesse Pollard: "Re: [BUG] Inconsistent behaviour of rmdir"
Previous message: Alan Cox: "Re: APM oops with Dell 5000e laptop"
Next in thread: kuznet@ms2.inr.ac.ru: "Re: Local root exploit with kmod and modutils > 2.1.121"
Reply: kuznet@ms2.inr.ac.ru: "Re: Local root exploit with kmod and modutils > 2.1.121"
Reply: Keith Owens: "Re: Local root exploit with kmod and modutils > 2.1.121"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> request_module has the same effect as running suid. dev_load() can
> take the interface name and pass it to modprobe unchanged and modprobe
> does not verify its input, it trusts root/kernel.

Then dev_load is being called the wrong way. In older kernels we explicitly
only did a dev_load with user passed names providing suser() was true.

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jesse Pollard: "Re: [BUG] Inconsistent behaviour of rmdir"
Previous message: Alan Cox: "Re: APM oops with Dell 5000e laptop"
Next in thread: kuznet@ms2.inr.ac.ru: "Re: Local root exploit with kmod and modutils > 2.1.121"
Reply: kuznet@ms2.inr.ac.ru: "Re: Local root exploit with kmod and modutils > 2.1.121"
Reply: Keith Owens: "Re: Local root exploit with kmod and modutils > 2.1.121"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Nov 23 2000 - 21:00:10 EST