On Thu, 02 Aug 2001 21:45:52 -0500,
Eric Sandeen <sandeen@xxxxxxx> wrote:
>Keith Owens wrote:
>
>> Add /lib/modules/*/modules.dep. If that file is world writable you
>> have a local root exploit. Due to the kernel bug, this has occurred on
>> Slackware installs. As part of that exploit, people reported that
>> /var/log/wtmp and /var/run/utmp are also created with the wrong mask.
>> Not exploitable AFAIK but you can hide tasks if utmp is world writable.
>
>modules.dep comes from the Red Hat kernel RPMs, and it doesn't appear to
>be re-generated or modified during the install, so I think we're fine
>here.

Yes and no. If a user builds their own kernel and does not run depmod
before rebooting and the kernel has the umask bug and the init scripts
do not set umask then modules.dep is created with the wrong mode.
Unfortunately some users managed to meet all the requirements :( The
problem particularly affects cross compiles because depmod does not run
in cross compile mode.
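
A permission audit for the three files named in this thread, as an added example that is not part of the original message. The function name, the optional root prefix argument (for checking a mounted image or a cross-compile staging tree) and the output format are assumptions.

```shell
#!/bin/sh
# Added example: report world-writable copies of the files discussed in
# the thread (modules.dep for every installed kernel, wtmp, utmp).
#
# Usage: audit_umask_files [ROOT]
#   ROOT is an optional prefix (hypothetical parameter), e.g. the staging
#   directory of a cross-compiled install. Empty means the running system.
# Prints one "WORLD-WRITABLE <path>" line per offending file.
# Returns 0 when nothing is world writable, 1 otherwise.
audit_umask_files() {
    root="${1:-}"
    found=0
    for f in "$root"/lib/modules/*/modules.dep \
             "$root/var/log/wtmp" "$root/var/run/utmp"; do
        # An unmatched glob stays literal and is skipped here.
        [ -f "$f" ] || continue
        # -perm -0002 matches when the "other write" bit is set;
        # -L makes the test apply to a symlink's target, not the link.
        if [ -n "$(find -L "$f" -prune -type f -perm -0002 -print 2>/dev/null)" ]; then
            printf 'WORLD-WRITABLE %s\n' "$f"
            found=1
        fi
    done
    return "$found"
}
```

Call `audit_umask_files` with no argument on the installed system; a hit on modules.dep is fixed by running depmod under a sane umask or by `chmod o-w` on the file.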