Bugtraq mailing list archives
More modutils: It's probably worse.
From: Chris Evans <chris () SCARY BEASTS ORG>
Date: Mon, 13 Nov 2000 21:01:23 +0000
Hi, I think this problem is worse than originally thought. As noted by Olaf: --- It should be noted that older Linux distributions using e.g. modutils-2.1.121 (which I'm looking at) should be safe: before modprobe will do _anything_ it checks the name of the requested module against /lib/modules/modules.dep and fails if the module's not listed. Getting "; chmod +w ." listed as a module should be sort of tricky. --- Unfortunately, we can subvert modutils _before_ any validation of module name gets run. If we make the first character of our proposed module a '-', then it will be just like we passed an option to modprobe. modprobe -C, to specify a config file other than /etc/modules.conf, would be an interesting route to play with. Oh dear. Looks like a kernel issue as well as a modutils issue. Also looks like more distributions could be affected. I'd normally hold off posting something like this, but I guarantee black hats have already figured this out. Cheers Chris
Current thread:
- More modutils: It's probably worse. Chris Evans (Nov 14)
- Re: More modutils: It's probably worse. Michal Zalewski (Nov 14)