Bugtraq mailing list archives
[linux-security] Re: Big security hole in kerneld's request_route
From: jack () solucorp qc ca (Jacques Gelinas)
Date: Thu, 13 Jun 1996 17:55:13 -0500
On Wed, 12 Jun 1996 ichudov () algebra com wrote: [Mod: Quoting trimmed. --Jeff.]
I was just looking at sources of newly released linux 2.0. In modules-1.3.69k, in kerneld's subdirectory, there is a file request_route.sh (see below). It's supposed to run as root, whenever a route is requested. It is supposed to start pppd or something like that. As it appears, it is possible to destroy system philes (such as /etc/passwd and so on).
The path should be changed to /var/run/request-route.pid It is unfortunate that there is no cleaner way to wait for pppd's success or failure. I mean to do something as simple as if /usr/sbin/pppd ... then echo ok else echo failure fi pppd just fork (goes in background) to soon. Maybe there is already an option. -------------------------------------------------------- Jacques Gelinas (jacques () solucorp qc ca) Use Linux without reformating: Use UMSDOS.
Current thread:
- Re: Publically writable directories, (continued)
- Re: Publically writable directories Neil Soveran-Charley (Jun 16)
- Re: Publically writable directories Brian Mitchell (Jun 17)
- Re: Publically writable directories Thomas Koenig (Jun 18)
- Re: Publically writable directories Bill Pemberton (Jun 18)
- Re: Publically writable directories Thomas Koenig (Jun 18)
- Re: Publically writable directories Bill Pemberton (Jun 17)
- Re: Publically writable directories David DeSimone (Jun 17)
- Re: Publically writable directories Valdis.Kletnieks () vt edu (Jun 17)
- Re: Publically writable directories Michael Dilger (Jun 17)