| To: | Keith Owens <kaos@xxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: FIX: World-writeable files repair script |
| From: | Eric Sandeen <sandeen@xxxxxxx> |
| Date: | Thu, 02 Aug 2001 21:45:52 -0500 |
| Cc: | linux-xfs@xxxxxxxxxxx |
| References: | <11005.996798035@ocs3.ocs-net> |
| Sender: | owner-linux-xfs@xxxxxxxxxxx |
Keith Owens wrote: > Add /lib/modules/*/modules.dep. If that file is world writable you > have a local root exploit. Due to the kernel bug, this has occurred on > Slackware installs. As part of that exploit, people reported that > /var/log/wtmp and /var/run/utmp are also created with the wrong mask. > Not exploitable AFAIK but you can hide tasks if utmp is world writable. modules.dep comes from the Red Hat kernel RPMs, and it doesn't appear to be re-generated or modified during the install, so I think we're fine here. -Eric -- Eric Sandeen XFS for Linux http://oss.sgi.com/projects/xfs sandeen@xxxxxxx SGI, Inc. |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | TAKE - ppc/attr, Nathan Scott |
|---|---|
| Next by Date: | Re: default ACL?, Timothy Shimmin |
| Previous by Thread: | Re: FIX: World-writeable files repair script, Keith Owens |
| Next by Thread: | Re: FIX: World-writeable files repair script, Keith Owens |
| Indexes: | [Date] [Thread] [Top] [All Lists] |