Keith Owens wrote:
> Add /lib/modules/*/modules.dep. If that file is world writable you
> have a local root exploit. Due to the kernel bug, this has occurred on
> Slackware installs. As part of that exploit, people reported that
> /var/log/wtmp and /var/run/utmp are also created with the wrong mask.
> Not exploitable AFAIK but you can hide tasks if utmp is world writable.
modules.dep comes from the Red Hat kernel RPMs, and it doesn't appear to
be re-generated or modified during the install, so I think we're fine
Eric Sandeen XFS for Linux http://oss.sgi.com/projects/xfs
sandeen@xxxxxxx SGI, Inc.