xfs
[Top] [All Lists]

Re: FIX: World-writeable files repair script

To: linux-xfs@xxxxxxxxxxx
Subject: Re: FIX: World-writeable files repair script
From: Dean Brissinger <brissing@xxxxxxxxxx>
Date: Fri, 3 Aug 2001 09:04:07 -0600
In-reply-to: <14982.996810747@kao2.melbourne.sgi.com>
References: <14982.996810747@kao2.melbourne.sgi.com>
Sender: owner-linux-xfs@xxxxxxxxxxx
At 1:52 PM +1000 8/3/01, Keith Owens wrote:
On Thu, 02 Aug 2001 21:45:52 -0500,
Eric Sandeen <sandeen@xxxxxxx> wrote:
Keith Owens wrote:

 Add  /lib/modules/*/modules.dep.  If that file is world writable you
 have a local root exploit.  Due to the kernel bug, this has occurred on
 Slackware installs.  As part of that exploit, people reported that
 /var/log/wtmp and /var/run/utmp are also created with the wrong mask.
 Not exploitable AFAIK but you can hide tasks if utmp is world writable.

modules.dep comes from the Red Hat kernel RPMs, and it doesn't appear to be re-generated or modified during the install, so I think we're fine here.

Yes and no. If a user builds their own kernel and does not run depmod before rebooting and the kernel has the umask bug and the init scripts do not set umask then modules.dep is created with the wrong mode. Unfortunately some users managed to meet all the requirements :( The problem particularly affects cross compiles because depmod does not run in cross compile mode.

Is it safe to run the 2.4.3 kernel in general?

--
   . . . . . . . . ooo . . . . ooo . . . . . . . . .
   .                                               .
   .    Dean Brissinger - Systems Administrator    .
   .   Direct: 303-583-0278   Main: 303-444-0094   .
   .   Fax: 303-583-0246  http://www.vexcel.com/   .
   .                                               .
   . . . . . . . oOOo . . A . . oOOo . . . . . . . .
                         0 0
                        '````


<Prev in Thread] Current Thread [Next in Thread>