From: Keith Owens <kaos@ocs.com.au>
To: Olaf Titz <olaf@bigred.inka.de>
Cc: linux-kernel@vger.kernel.org
Subject: Re: More modutils: It's probably worse.
Date: Thu, 16 Nov 2000 15:31:35 +1100 [thread overview]
Message-ID: <7639.974349095@kao2.melbourne.sgi.com> (raw)
In-Reply-To: Your message of "Wed, 15 Nov 2000 11:43:54 BST." <E13w02k-000172-00@g212.hadiko.de>
On Wed, 15 Nov 2000 11:43:54 +0100,
>Why is there any reason that a shell should be invoked anywhere in the
>request_module->modprobe->insmod chain?
>If implemented correctly, this attack should have the same result as
>insmod ';chmod o+w .' (and it should not matter if it gets renamed so
>that the actual command executed is insmod 'netdevice-;chmod o+w .')
You are confusing two different problems. The meta expansion problem
means ;chmod o+w .' does nasty things to your system. The other
problem is that any user can load any module by ping6 -I module_name.
>> plus the
>> modprobe meta expansion algorithm.
>
>and I see no reason why modprobe should do any such thing, apart from
>configurations dealt with in modules.conf anyway.
modutils 2.3.20 only does meta expansion for entries in the config
file, not for input from the command line. That fixes the first
problem but does nothing about the second. The only way to fix the
second problem is by always adding a prefix to the user input before
passing it to modprobe, that fix has to be in the kernel, not modutils.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2000-11-16 5:02 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <Pine.LNX.4.21.0011132040160.1699-100000@ferret.lmh.ox.ac.uk>
[not found] ` <Pine.LNX.4.21.0011132352550.31869-100000@dione.ids.pl>
2000-11-14 8:59 ` More modutils: It's probably worse Olaf Kirch
2000-11-14 10:04 ` David Schleef
2000-11-14 10:29 ` Guest section DW
2000-11-14 10:38 ` Olaf Kirch
2000-11-14 19:20 ` Ben Ford
2000-11-14 20:24 ` Michael H. Warfield
2000-11-14 19:42 ` H. Peter Anvin
2000-11-14 23:27 ` Keith Owens
2000-11-15 10:43 ` Olaf Titz
2000-11-15 11:17 ` Tim Waugh
2000-11-16 4:31 ` Keith Owens [this message]
2000-11-17 0:48 ` Rusty Russell
2000-11-14 12:47 Petr Vandrovec
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7639.974349095@kao2.melbourne.sgi.com \
--to=kaos@ocs.com.au \
--cc=linux-kernel@vger.kernel.org \
--cc=olaf@bigred.inka.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox