Hello all,

Don't be scared by the message subject. Last night I read af_irda.c from the kernel source, more precisely irda_setsockopt and irda_getsockopt. There are two sockopts (get and set) for local IAS manipulation: IRDA_IAS_SET and IRDA_IAS_GET (I read from memory).

My concern: the r00t user sets or reads an entry on/from IAS and performs some actions (perhaps dangerous, to be exploitable, e.g. run a service or another executable or else) regarding values in the local IAS (or even remote?). A local user can also set their desired IAS entries, replacing r00t ones.

Questions:

Is this really potentially exploitable?

Can there be a mechanism to separate root/user or user1/user2? (I found that entries set by the kernel are immune to deleting with IRDA_IAS_DEL.)

Is there a need to write a document and advertise the possible danger if we cannot this situation, if all I say is correct?

P.S. I think IrDA was designed by people concerned only with desktop users (i.e. one user, one device and a mono-user O.S.)

P.S.S. For Jean: is it now possible to escape from having same name object and different IDs?

kind regards,
--
Claudiu Costin <[EMAIL PROTECTED]>

_______________________________________________
Linux-IrDA mailing list - [EMAIL PROTECTED]
http://www.pasta.cs.UiT.No/mailman/listinfo/linux-irda
