On Mon, 29 Sep 1997 15:05:20 -0400 (EDT), Patrick Cantwell wrote: Seems like a serious hole to me. I just changed the permissions on my box, and think it it warrants debian to change policy regarding permissions and modules.
>On Sun, 28 Sep 1997, Aleph One wrote: > >(forwarded from [email protected]) > ><snip> > >> Corollary: Any module in /lib/modules can be loaded into kernel memory by >> any user at any time. There are potential denial-of-service attacks >> from autoprobes and device initialization all kinds of other goo that >> I wish I didn't have to think about here. > >see Brian Mitchell's "hacked_setuid" module, that was released in phrack >50, article 5 (along with his linspy terminal snooper program).. >what this module does is redirect the setuid() call so you can become >superuser using a magic number. >just think, if you could load this module at will without being root, all >you'd need to do is whip up some code that does setuid(magic_number) and >spawns a shell! > >> Here are four alternative fixes: > >#5 make /usr/lib/modules root read/write only ------------------------------------------------------------------------- http://www.psychosis.com/emc/ Elite MicroComputers 908-541-4214 http://www.psychosis.com/linux-router/ Linux Router Project
