From: Chase Venters <chase.venters@clientec.com>
To: goodfellas@shellcode.com.ar
Cc: Linux kernel <linux-kernel@vger.kernel.org>,
Kyle Moffett <mrmacman_g4@mac.com>,
endrazine <endrazine@gmail.com>,
Stephen Hemminger <shemminger@osdl.org>,
Valdis.Kletnieks@vt.edu, Alan Cox <alan@lxorguk.ukuu.org.uk>
Subject: Re: Registration Weakness in Linux Kernel's Binary formats
Date: Tue, 3 Oct 2006 22:49:10 -0500 [thread overview]
Message-ID: <200610032249.33712.chase.venters@clientec.com> (raw)
In-Reply-To: <1159902785.2855.34.camel@goku.staff.locallan>
On Tuesday 03 October 2006 14:12, SHELLCODE Security Research wrote:
> Hello,
> The present document aims to demonstrate a design weakness found in the
> handling of simply
> linked lists used to register binary formats handled by
> Linux kernel, and affects all the kernel families
> (2.0/2.2/2.4/2.6), allowing the insertion of infection modules in
> kernel space that can be used by malicious users to create infection
> tools, for example rootkits.
Yay, you've been Slashdotted!
Question: Why did you personally submit this to Slashdot when it is absolutely
clear that the observation is akin to figuring out a process can call fork()
and exec() and become "/bin/rm" with an argv of "/bin/rm", "-rf", and "*"?
Is this what you call good marketing?
> POC, details and proposed solution at:
> English version: http://www.shellcode.com.ar/docz/binfmt-en.pdf
> Spanish version: http://www.shellcode.com.ar/docz/binfmt-es.pdf
>
Thanks,
Chase
next prev parent reply other threads:[~2006-10-04 3:49 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-03 19:13 Registration Weakness in Linux Kernel's Binary formats SHELLCODE Security Research
2006-10-03 21:48 ` Chase Venters
2006-10-03 22:54 ` Alan Cox
2006-10-04 3:49 ` Chase Venters [this message]
-- strict thread matches above, loose matches on Subject: below --
2006-10-03 21:25 Fwd: " Bráulio Oliveira
2006-10-03 21:53 ` Kyle Moffett
2006-10-03 21:59 ` Stephen Hemminger
2006-10-03 22:28 ` Valdis.Kletnieks
2006-10-04 4:08 Julio Auto
2006-10-04 4:25 ` Chase Venters
2006-10-04 14:55 ` Alan Cox
2006-10-04 14:34 ` Xavier Bestel
2006-10-04 5:40 ` Kyle Moffett
2006-10-04 7:11 ` Peter Read
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200610032249.33712.chase.venters@clientec.com \
--to=chase.venters@clientec.com \
--cc=Valdis.Kletnieks@vt.edu \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=endrazine@gmail.com \
--cc=goodfellas@shellcode.com.ar \
--cc=linux-kernel@vger.kernel.org \
--cc=mrmacman_g4@mac.com \
--cc=shemminger@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox