Re: More modutils: It's probably worse.

2000-11-16 Thread Rusty Russell
In message <[EMAIL PROTECTED]> you write: > On 14 Nov 2000 11:42:42 -0800, > "H. Peter Anvin" <[EMAIL PROTECTED]> wrote: > >Seriously, though, I don't see any reason modprobe shouldn't accept > >funky filenames. There is a standard way to do that, which is to have > >an argument consisting of th

Re: More modutils: It's probably worse.

2000-11-15 Thread Keith Owens
On Wed, 15 Nov 2000 11:43:54 +0100, >Why is there any reason that a shell should be invoked anywhere in the >request_module->modprobe->insmod chain? >If implemented correctly, this attack should have the same result as >insmod ';chmod o+w .' (and it should not matter if it gets renamed so >that t

Re: More modutils: It's probably worse.

2000-11-15 Thread Tim Waugh
On Wed, Nov 15, 2000 at 11:43:54AM +0100, Olaf Titz wrote: > > plus the > > modprobe meta expansion algorithm. > > and I see no reason why modprobe should do any such thing, apart from > configurations dealt with in modules.conf anyway. If it helps, wordexp has a flag to prevent command substit

Re: More modutils: It's probably worse.

2000-11-15 Thread Olaf Titz
> The original exploit had nothing to do with filenames masquerading as > options, it was: ping6 -I ';chmod o+w .'. Then somebody pointed out Why is there any reason that a shell should be invoked anywhere in the request_module->modprobe->insmod chain? If implemented correctly, this attack shoul

Re: More modutils: It's probably worse.

2000-11-14 Thread Keith Owens
On 14 Nov 2000 11:42:42 -0800, "H. Peter Anvin" <[EMAIL PROTECTED]> wrote: >Seriously, though, I don't see any reason modprobe shouldn't accept >funky filenames. There is a standard way to do that, which is to have >an argument consisting of the string "--"; this indicates that any >further argu

Re: More modutils: It's probably worse.

2000-11-14 Thread H. Peter Anvin
Followup to: <[EMAIL PROTECTED]> By author: "Michael H. Warfield" <[EMAIL PROTECTED]> In newsgroup: linux.dev.kernel > > Oh, I hate to add to a remark like that (OK, I lied, I love > trollbait...) > > On Tue, Nov 14, 2000 at 11:20:35AM -0800, Ben Ford wrote: > > Olaf Kirch wrote: > > >

Re: More modutils: It's probably worse.

2000-11-14 Thread Michael H. Warfield
Oh, I hate to add to a remark like that (OK, I lied, I love trollbait...) On Tue, Nov 14, 2000 at 11:20:35AM -0800, Ben Ford wrote: > Olaf Kirch wrote: > > sure request_module _does_not_ accept funky module names. Why allow > > people to shoot themselves (and, by extension, all other Lin

Re: More modutils: It's probably worse.

2000-11-14 Thread Ben Ford
Olaf Kirch wrote: > sure request_module _does_not_ accept funky module names. Why allow > people to shoot themselves (and, by extension, all other Linux users > out there) in the foot? I thought that was the whole purpose of Unix/Linux? -b

Re: More modutils: It's probably worse.

2000-11-14 Thread Guest section DW
On Tue, Nov 14, 2000 at 09:59:22AM +0100, Olaf Kirch wrote: > PS: The load_nls code tries to check for buffer overflows, but > gets it wrong: > > struct nls_table *nls; > char buf[40]; > > if (strlen(charset) > sizeof(buf) - sizeof("nls_")) > fail; >

Re: More modutils: It's probably worse.

2000-11-14 Thread David Schleef
On Tue, Nov 14, 2000 at 09:59:22AM +0100, Olaf Kirch wrote: > On Tue, Nov 14, 2000 at 12:06:32AM +0100, Michal Zalewski wrote: > > Maybe I am missing something, but at least for me, modprobe > > vulnerabilities are exploitable via privileged networking services, > > nothing more. > > Maybe not. n

Re: More modutils: It's probably worse.

2000-11-14 Thread Olaf Kirch
On Tue, Nov 14, 2000 at 12:06:32AM +0100, Michal Zalewski wrote: > Maybe I am missing something, but at least for me, modprobe > vulnerabilities are exploitable via privileged networking services, > nothing more. Maybe not. ncpfs for instance has an ioctl that seems to allow unprivileged users to