[Top] [All Lists]

Re: FIX: World-writeable files repair script

To: Eric Sandeen <sandeen@xxxxxxx>
Subject: Re: FIX: World-writeable files repair script
From: Keith Owens <kaos@xxxxxxxxxxxxxxxxx>
Date: Fri, 03 Aug 2001 10:20:35 +1000
Cc: linux-xfs@xxxxxxxxxxx
In-reply-to: Your message of "02 Aug 2001 13:50:32 EST." <996778232.17558.9.camel@xxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-linux-xfs@xxxxxxxxxxx
On 02 Aug 2001 13:50:32 -0500, 
Eric Sandeen <sandeen@xxxxxxx> wrote:
>Here's a script that should fix all the mis-permed files that may be
>lurking out there...  Sending this out now to get feedback before I
>unleash it on the world at large.

Add /lib/modules/*/modules.dep.  If that file is world writable you
have a local root exploit.  Due to the kernel bug, this has occurred on
Slackware installs.  As part of that exploit, people reported that
/var/log/wtmp and /var/run/utmp are also created with the wrong mask.
Not exploitable AFAIK but you can hide tasks if utmp is world writable.

<Prev in Thread] Current Thread [Next in Thread>