On Wed, 18 Jul 2001, twiz - Perla Enrico wrote: > I' ve tested it on Slackware 7.0 with kernel 2.4.5 : > twisterz:~# uname -r > 2.4.5 > twisterz:~# > > I' ve noticed that , while /var/run/utmp *is* world writable : > twisterz:~# ls -l /var/run/utmp > -rw-rw-rw- 1 root root 4608 Jul 17 02:27 /var/run/utmp > twisterz:~# > and also /var/run/gpm.pid is -rw-rw-rw-, *but* modules.dep isn' t writable > > twisterz:~# ls -l /lib/modules/`uname -r`/modules.dep > -rw-r--r-- 1 root root 2688 Jul 16 19:36 > /lib/modules/2.4.5/modules.dep > twisterz:~# > > So it can't be edited, and the exploit can' t work 'cause you can't > add/change lines to modules.dep. > I'm going to download Slackware 8.0 and test on it, btw on slak 7.0 keep > good the possibility of, as you said : The modules.dep file is 0666 only when using the slackware prepackaged kernel. If you ever recompile and install your own kernel, modules.dep file is created by make modules_install, that runs with the umask of your shell session, and is not recreated at boot time unless you add new modules to /lib/modules/`uname -r`/ Radu-Adrian Feurdean mailto: rafat_private ------------------------------------------------------------ Teamwork is essential - it allows you to blame someone else.
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 09:21:44 PDT