On Tue, 17 Jul 2001 15:18:31 +0930 (CST), Toby Corkindale <tjcorkinat_private> wrote: >According to the manual page for insmod, insmod should refuse >to install a non-root-owned module, since otherwise exploits relating to >compromised user accounts who own modules, or else a compromised >modules.dep, are available. > >I would assume modprobe should follow this behaviour. >However, see the below transcript for an example of modprobe differing. > >The insmod correctly denies to load the module, but modprobe happily >installs it! (Note that modprobe is actually just a symlink to insmod, >which checks the argv[0] to determine mode to run) It loads because modprobe is trusting the data in modules.dep. You can only get into this situation by one of two actions: (1) root ran depmod with -r to allow modules not owned by root (2) the module was originally owned by root but root changed the owner or installed a new version, in either case they have not run depmod after the change. modules.dep is a trusted file. root builds it by hand or via a startup script. If root changes the modules without refreshing modules.dep then you have GIGO. AFAICT you need root to do this, to update files and/or permissions in /lib/modules. If you can reproduce the problem without requiring root privileges at some stage and without using depmod -r then it is a bug. Otherwise "root can destroy a system", this is not news.
This archive was generated by hypermail 2b30 : Tue Jul 17 2001 - 08:00:00 PDT