Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OSS www.opensound.com

From: Martin Macok <martin.macok () UNDERGROUND CZ>
Date: Wed, 24 Jan 2001 19:20:12 +0100
On Fri, Jan 24, 2020 at 12:52:36AM +1100, fejed wrote:

Earlier on today, I was messing with strace and OSS, see
www.opensound.com, 
[eks@localhost oss]$ cat version.txt
This version (3.9.4b-010118) is compiled for Linux-2.2.18-UP
I noticed this:


[400f8c34] read(255, "\n$MODTOOLS/insmod -V > /tmp/oss."..., 8176) = 8176

/tmp/oss eh?
so if the module was not loaded at the current point in time,
theoretically, could a module not be placed in /tmp as 'oss' and
then it would be insmod'd and used?


I think "insmod -V > something" just writes stdout (insmod -V) to file
"something" and doesn't load anything under any circumstances.

(That doesn't mean that it's OK. Someone must validate if it writes to
a file in /tmp the proper way(tm) ... i.e. if there are sanity checks,
if it doesn't follow symlinks, work with right privilegies... etc.)

Have a nice day

-- 
   Martin Mačok
  underground.cz
    openbsd.cz
Previous By Date Next
Previous By Thread Next

Current thread: