Followup to: <[EMAIL PROTECTED]>
By author: Keith Owens <[EMAIL PROTECTED]>
In newsgroup: linux.dev.kernel
>
> On Thu, 16 Nov 2000 22:21:52 +0100,
> Xavier Bestel <[EMAIL PROTECTED]> wrote:
> >as modprobe (insmod) args parsing seems POSIX compliant, we should put a
> >"--" before
> >what should be interpreted only as a textual argument, not as an option.
> >This is a lot safer: whatever is passed, modprobe will take it as a module
> >name.
>
> That only solves one of the two exploit methods. modutils 2.3.20
> solves both without any kernel changes, mainly so it fixes the problem
> on all kernels, including 2.2.
>
However, the kernel change is probably still a good idea.
-hpa
--
<[EMAIL PROTECTED]> at work, <[EMAIL PROTECTED]> in private!
"Unix gives you enough rope to shoot yourself in the foot."
http://www.zytor.com/~hpa/puzzle.txt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
