[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FIX: World-writeable files repair script
At 1:52 PM +1000 8/3/01, Keith Owens wrote:
>On Thu, 02 Aug 2001 21:45:52 -0500,
>Eric Sandeen <sandeen@sgi.com> wrote:
>>Keith Owens wrote:
>>
>>> Add /lib/modules/*/modules.dep. If that file is world writable you
>>> have a local root exploit. Due to the kernel bug, this has occurred on
>>> Slackware installs. As part of that exploit, people reported that
>>> /var/log/wtmp and /var/run/utmp are also created with the wrong mask.
>>> Not exploitable AFAIK but you can hide tasks if utmp is world writable.
>>
>>modules.dep comes from the Red Hat kernel RPMs, and it doesn't appear to
>>be re-generated or modified during the install, so I think we're fine
>>here.
>
>Yes and no. If a user builds their own kernel and does not run depmod
>before rebooting and the kernel has the umask bug and the init scripts
>do not set umask then modules.dep is created with the wrong mode.
>Unfortunately some users managed to meet all the requirements :( The
>problem particularly affects cross compiles because depmod does not run
>in cross compile mode.
Is it safe to run the 2.4.3 kernel in general?
--
. . . . . . . . ooo . . . . ooo . . . . . . . . .
. .
. Dean Brissinger - Systems Administrator .
. Direct: 303-583-0278 Main: 303-444-0094 .
. Fax: 303-583-0246 http://www.vexcel.com/ .
. .
. . . . . . . oOOo . . A . . oOOo . . . . . . . .
0 0
'````