Re: [PATCH] Re: Local root exploit with kmod and modutils > 2.1.121
Followup to: <[EMAIL PROTECTED]> By author:Keith Owens <[EMAIL PROTECTED]> In newsgroup: linux.dev.kernel > > On Thu, 16 Nov 2000 22:21:52 +0100, > Xavier Bestel <[EMAIL PROTECTED]> wrote: > >as modprobe (insmod) args parsing seems POSIX compliant, we should put a > >"--" before > >what should be interpreted only as a textual argument, not as an option. > >This is a lot safer: whatever is passed, modprobe will take it as a module > >name. > > That only solves one of the two exploit methods. modutils 2.3.20 > solves both without any kernel changes, mainly so it fixes the problem > on all kernels, including 2.2. > However, the kernel change is probably still a good idea. -hpa -- <[EMAIL PROTECTED]> at work, <[EMAIL PROTECTED]> in private! "Unix gives you enough rope to shoot yourself in the foot." http://www.zytor.com/~hpa/puzzle.txt - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Re: Local root exploit with kmod and modutils > 2.1.121
On Thu, 16 Nov 2000 22:21:52 +0100, Xavier Bestel <[EMAIL PROTECTED]> wrote: >as modprobe (insmod) args parsing seems POSIX compliant, we should put a >"--" before >what should be interpreted only as a textual argument, not as an option. >This is a lot safer: whatever is passed, modprobe will take it as a module >name. That only solves one of the two exploit methods. modutils 2.3.20 solves both without any kernel changes, mainly so it fixes the problem on all kernels, including 2.2. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Re: Local root exploit with kmod and modutils 2.1.121
On Thu, 16 Nov 2000 22:21:52 +0100, Xavier Bestel [EMAIL PROTECTED] wrote: as modprobe (insmod) args parsing seems POSIX compliant, we should put a "--" before what should be interpreted only as a textual argument, not as an option. This is a lot safer: whatever is passed, modprobe will take it as a module name. That only solves one of the two exploit methods. modutils 2.3.20 solves both without any kernel changes, mainly so it fixes the problem on all kernels, including 2.2. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] Please read the FAQ at http://www.tux.org/lkml/