Re: Linux kernel sysctl() vulnerability

2001-02-12 Thread Stephen White
On Sat, Feb, 2001, Florian Weimer wrote: > Chris Evans <[EMAIL PROTECTED]> writes: > > There exists a Linux system call sysctl() which is used to query and > > modify runtime system settings. Unprivileged users are permitted to query > > the value of many of these settings. > > The following trivi

Re: Linux kernel sysctl() vulnerability

2001-02-12 Thread Joost Pol2
'Night all, Should this not be fixed in copyout/copyin instead? It probably occurs at other places instead of sysctl as well. Kind regards, Joost Pol alias Nohican ([EMAIL PROTECTED]) :wq On Sat, Feb 10, 2001 at 02:43:38PM -0800, Greg KH wrote: > On Sat, Feb 10, 2001 at 10:28:01AM +0100, Flori

Re: Linux kernel sysctl() vulnerability

2001-02-10 Thread Greg KH
On Sat, Feb 10, 2001 at 10:28:01AM +0100, Florian Weimer wrote: > > The following trivial patch should fix this issue. Here's the patch that Alan accepted and put into 2.2.18-pre9 to fix this problem. greg k-h -- greg@(kroah|wirex).com http://immunix.org/~greg diff -Naur -X /home/greg/linux/d

Re: Linux kernel sysctl() vulnerability

2001-02-10 Thread Aleksander Kamil Modzelewski
On Sat, Feb 10, 2001 at 10:28:01AM +0100, Florian Weimer wrote: > > There exists a Linux system call sysctl() which is used to query and > > modify runtime system settings. Unprivileged users are permitted to query > > the value of many of these settings. > It appears that all current Linux kernel

Re: Linux kernel sysctl() vulnerability

2001-02-10 Thread Ryan W. Maple
On Sat, 10 Feb 2001, Florian Weimer wrote: > Chris Evans <[EMAIL PROTECTED]> writes: > > > There exists a Linux system call sysctl() which is used to query and > > modify runtime system settings. Unprivileged users are permitted to query > > the val

Re: Linux kernel sysctl() vulnerability

2001-02-10 Thread Florian Weimer
Chris Evans <[EMAIL PROTECTED]> writes: > There exists a Linux system call sysctl() which is used to query and > modify runtime system settings. Unprivileged users are permitted to query > the value of many of these settings. It appears that all current Linux kernel versions (2.2.x and 2.4.x) are

Linux kernel sysctl() vulnerability

2001-02-09 Thread Chris Evans
Hi, OVERVIEW There exists a Linux system call sysctl() which is used to query and modify runtime system settings. Unprivileged users are permitted to query the value of many of these settings. The unprivileged user passes in a buffer location and the length of this buffer. Unfortunately, by spe