From: Keith Owens <kaos@ocs.com.au>
To: linux-kernel@vger.kernel.org
Subject: Local root exploit with kmod and modutils > 2.1.121
Date: Mon, 13 Nov 2000 21:57:08 +1100 [thread overview]
Message-ID: <2329.974113028@ocs3.ocs-net> (raw)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Content-Type: text/plain; charset=us-ascii
A local root exploit has been found using kernels compiled with kmod
and modutils > 2.1.121. Kernels without kmod and systems using
modutils 2.1.121 are not affected.
Patch against modutils 2.3.19, it should fit any 2.3 modutils.
Index: 19.7/util/meta_expand.c
- --- 19.7/util/meta_expand.c Sun, 10 Sep 2000 12:56:40 +1100 kaos (modutils-2.3/10_meta_expan 1.4 644)
+++ 19.7(w)/util/meta_expand.c Mon, 13 Nov 2000 21:19:41 +1100 kaos (modutils-2.3/10_meta_expan 1.4 644)
@@ -156,12 +156,8 @@ static int glob_it(char *pt, GLOB_LIST *
*/
int meta_expand(char *pt, GLOB_LIST *g, char *base_dir, char *version)
{
- - FILE *fin;
- - int len = 0;
- - char *line = NULL;
char *p;
char tmpline[PATH_MAX + 1];
- - char tmpcmd[PATH_MAX + 11];
g->pathc = 0;
g->pathv = NULL;
@@ -277,38 +273,6 @@ int meta_expand(char *pt, GLOB_LIST *g,
/* Only "=" remaining, should be module options */
split_line(g, pt, 0);
return 0;
- - }
- -
- - /*
- - * Last resort: Use "echo"
- - */
- - sprintf(tmpline, "%s%s", (base_dir ? base_dir : ""), pt);
- - sprintf(tmpcmd, "/bin/echo %s", tmpline);
- - if ((fin = popen(tmpcmd, "r")) == NULL) {
- - error("Can't execute: %s", tmpcmd);
- - return -1;
- - }
- - /* else */
- -
- - /*
- - * Collect the result
- - */
- - while (fgets(tmpcmd, PATH_MAX, fin) != NULL) {
- - int l = strlen(tmpcmd);
- -
- - line = (char *)xrealloc(line, len + l + 1);
- - line[len] = '\0';
- - strcat(line + len, tmpcmd);
- - len += l;
- - }
- - pclose(fin);
- -
- - if (line) {
- - /* Ignore result if no expansion occurred */
- - strcat(tmpline, "\n");
- - if (strcmp(tmpline, line))
- - split_line(g, line, 0);
- - free(line);
}
return 0;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: Exmh version 2.1.1 10/15/1999
iD8DBQE6D8kEi4UHNye0ZOoRAmVTAKCktbi9DI5t0sj8wd1/vjLtgwVW6QCgnO0L
mVbPskoIGSSyTE8I9K7FcAg=
=Z1/L
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
next reply other threads:[~2000-11-13 10:57 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2000-11-13 10:57 Keith Owens [this message]
[not found] <Pine.LNX.4.21.0011131915240.19775-100000@ferret.lmh.ox.ac.uk>
2000-11-13 23:11 ` Local root exploit with kmod and modutils > 2.1.121 Keith Owens
2000-11-16 16:04 ` Alan Cox
2000-11-16 17:05 ` kuznet
2000-11-16 17:19 ` Alan Cox
2000-11-16 17:32 ` kuznet
2000-11-16 18:24 ` Alan Cox
2000-11-16 18:56 ` kuznet
2000-11-16 20:24 ` Keith Owens
2000-11-16 21:45 ` Alan Cox
-- strict thread matches above, loose matches on Subject: below --
2000-11-14 20:31 Adam J. Richter
2000-11-14 22:50 ` Keith Owens
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2329.974113028@ocs3.ocs-net \
--to=kaos@ocs.com.au \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox