Danny Lungstrom, a student in my Fall 2004 UNIX Security Holes course,
has discovered that uml_net, when installed setuid root (as is normal),
allows any local user to type

   ./uml_net 4 slip down eth0

to take down the computer's Ethernet connection. The connection stays
down until the system administrator manually brings it back up. I'm
publishing this notice, but all the discovery credits should be assigned
to Lungstrom.

The underlying bug is that, in slip.c, slip_down() has no idea whether
the user is actually allowed to take down the specified interface.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago


_______________________________________________
User-mode-linux-devel mailing list
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
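The missing check described in the notice, sketched as an added example in C (this is not code from uml_net or from the original message): the setuid helper refuses any interface name that is not a SLIP device before the privileged step runs. The function names, the `sl<N>` naming assumption for SLIP devices, and the stand-in `fake_down()` are hypothetical, and the check only narrows the operation to SLIP devices; it does not establish that the caller owns the device.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

#define IFACE_NAME_MAX 16  /* same size as Linux IFNAMSIZ, including NUL */

/* Hypothetical check (not from uml_net): accept only "sl" + decimal
 * digits, e.g. "sl0". Everything else, including "eth0", is refused. */
int is_slip_iface_name(const char *name)
{
    size_t i;

    if (name == NULL || name[0] != 's' || name[1] != 'l' || name[2] == '\0')
        return 0;
    for (i = 2; name[i] != '\0'; i++) {
        if (i >= IFACE_NAME_MAX - 1)      /* too long for an interface name */
            return 0;
        if (!isdigit((unsigned char)name[i]))
            return 0;
    }
    return 1;
}

/* Stand-in for the privileged action, so the example runs unprivileged. */
static int downs_performed;
int fake_down(const char *name) { (void)name; downs_performed++; return 0; }

/* Gate the action: the privileged step runs only after the name check. */
int guarded_slip_down(const char *name, int (*down)(const char *))
{
    if (!is_slip_iface_name(name))
        return -1;                        /* refused, nothing was touched */
    return down(name);
}

int main(void)
{
    /* Constructed sample names, not taken from the original message. */
    const char *samples[] = { "sl0", "eth0", "sl", "sl0x", "lo" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-6s -> %s\n", samples[i],
               guarded_slip_down(samples[i], fake_down) == 0 ? "down" : "refused");
    return 0;
}
```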
