On Tue, 17 Jul 2001 16:05:56 +0930 (CST), Toby Corkindale <tjcorkinat_private> wrote: >joshat_private posted to bugtraq earlier today with a case whereby >modules.dep is set to mode 0666, and thus can be manipulated by a non-root >user to cause a common module to load a user-owned evil module. Fixed in 2.4.7-pre7, not released yet. It is a kernel bug, not modutils. >According to his post, Linux kernels from 2.4.3 onwards have a default empty >umask, and thus on some distributions that do not explicity set the umask >in time, a world-writeable modules.dep is created on bootup. > >This can be seen as a configuration error, perhaps, but I question whether >modprobe should bypass the root-ownership test, which seems like a good >idea. >I guess there are cases where being able to specify an >intentionally-non-root-owned module would be useful, but is that enough of a >reason to bypass the security check? You must explicitly bypass the security check by running insmod -r for an individual module or depmod -r for all modules. Frankly I hate the idea but some people share systems and deliberately set their /lib/modules to 777 with modules.dep being 666. Foot, gun, shoot.
This archive was generated by hypermail 2b30 : Tue Jul 17 2001 - 09:16:23 PDT