On Sat, Feb 10, 2001 at 10:28:01AM +0100, Florian Weimer wrote:
> > There exists a Linux system call sysctl() which is used to query and
> > modify runtime system settings. Unprivileged users are permitted to query
> > the value of many of these settings.
> It appears that all current Linux kernel versions (2.2.x and 2.4.x) are
> vulnerable. Right?
But not in Alan Cox's version.
In 2.4.1-ac4:
    /* The generic string strategy routine: */
    int sysctl_string(ctl_table *table, int *name, int nlen,
                      void *oldval, size_t *oldlenp,
                      void *newval, size_t newlen, void **context)
    {
            size_t l, len;
Another thing is that it shows that someone already noticed the
problem :/
Greets
Aleksander Kamil Modzelewski
ps. This is my first posting. Hope I did not make a false start :)
pps. OK, I did, but this is a long story :)
--
/==]n0iR[==++++.__ /\
| [EMAIL PROTECTED] `\ BOFH excuse #89: Electromagnetic energy loss `|
+ BOFH #1 of #radom `\ |
|\ UIN: #89507110 `\ |
\--\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/'
Re: Linux kernel sysctl() vulnerability
Aleksander Kamil Modzelewski Sat, 10 Feb 2001 16:40:18 -0800
