Re: Registration Weakness in Linux Kernel's Binary formats

From: Valdis . Kletnieks
Date: Tue Oct 03 2006 - 18:28:53 EST

Next message: Alan Cox: "Re: Registration Weakness in Linux Kernel's Bin ary formats"
Previous message: Andrew Morton: "Re: [PATCH take2 1/5] dio: centralize completion in dio_complete()"
In reply to: Stephen Hemminger: "Re: Registration Weakness in Linux Kernel's Binary formats"
Next in thread: endrazine: "Re: Fwd: Registration Weakness in Linux Kernel's Binary formats"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 03 Oct 2006 14:59:54 PDT, Stephen Hemminger said:

> I looked at it, basically his argument which is all flowered up in pretty
> pictures and security vulnerability language is:
>
> If root loads a buggy module then the module can be used to compromise
> the system.
>
> Well isn't that surprising.

Big yawner. Now if the claim had been that a properly buggy module, inserted
under a certain set of circumstances, got onto the binfmt list *even when the
process loading it wasn't root*, now *that* would be an exploit....

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Alan Cox: "Re: Registration Weakness in Linux Kernel's Bin ary formats"
Previous message: Andrew Morton: "Re: [PATCH take2 1/5] dio: centralize completion in dio_complete()"
In reply to: Stephen Hemminger: "Re: Registration Weakness in Linux Kernel's Binary formats"
Next in thread: endrazine: "Re: Fwd: Registration Weakness in Linux Kernel's Binary formats"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]