Re: Registration Weakness in Linux Kernel's Binary formats
From: Valdis . Kletnieks
Date: Tue Oct 03 2006 - 18:28:53 EST
On Tue, 03 Oct 2006 14:59:54 PDT, Stephen Hemminger said:
> I looked at it, basically his argument which is all flowered up in pretty
> pictures and security vulnerability language is:
>
> If root loads a buggy module then the module can be used to compromise
> the system.
>
> Well isn't that surprising.
Big yawner. Now if the claim had been that a properly buggy module, inserted
under a certain set of circumstances, got onto the binfmt list *even when the
process loading it wasn't root*, now *that* would be an exploit....
Attachment:
pgp00000.pgp
Description: PGP signature