I' ve tested it on Slackware 7.0 with kernel 2.4.5 : twisterz:~# uname -r 2.4.5 twisterz:~# I' ve noticed that , while /var/run/utmp *is* world writable : twisterz:~# ls -l /var/run/utmp -rw-rw-rw- 1 root root 4608 Jul 17 02:27 /var/run/utmp twisterz:~# and also /var/run/gpm.pid is -rw-rw-rw-, *but* modules.dep isn' t writable twisterz:~# ls -l /lib/modules/`uname -r`/modules.dep -rw-r--r-- 1 root root 2688 Jul 16 19:36 /lib/modules/2.4.5/modules.dep twisterz:~# So it can't be edited, and the exploit can' t work 'cause you can't add/change lines to modules.dep. I'm going to download Slackware 8.0 and test on it, btw on slak 7.0 keep good the possibility of, as you said : > > And of course with /var/run/utmp writeable, users can delete or in > other ways manipulate their logins as they appear in > w/who/finger/getlogin(), etc. > twiz - twizat_private or twiat_private - ./twlc
This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 08:06:46 PDT