Bugtraq mailing list archives
Re: load.root (loadmodule hole)
From: karl () bagpuss demon co uk (Karl Strickland)
Date: Mon, 18 Sep 1995 00:22:14 +0100
From owner-bugtraq () CRIMELAB COM Fri Sep 15 15:46:48 1995 Am I overlooking something obvious here, or would simply turning off the set-UID bit on "loadmodule" be an acceptable temporary workaround for most sites? ----- Fred Blonder fred () nasirc hq nasa gov Hughes STX Corp. (301) 441-4079 7701 Greenbelt Rd. Greenbelt, Md. 20770turning of the suid bit works *mostly* of course don't expect to be able to run openwindows :-) I say mostly because there is still the problem if the process running is running as root, as well as the problem of if another setuid executable calls loadmodule. Neither of these is as big a problem, but they are still there. Calling system() has never been a smart thing, just a simple thing.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Given that statement, the following questions arise. 1. Did SUN know they were doing the 'simple but not smart' thing when they released the broken patch? 2. Did the SUN Quality-Control people know that system() is dangerous? If not, do they know now, and can we have an assurance that this will not happen again in the future? If they did know, why did they pass the patch? -- ------------------------------------------+----------------------------------- Mailed using ELM on FreeBSD | Karl Strickland PGP 2.3a Public Key Available. | Internet: karl () bagpuss demon co uk |
Current thread:
- load.root (loadmodule hole) der Mouse (Sep 15)
- Re: load.root (loadmodule hole) Urban (Sep 15)
- Re: load.root (loadmodule hole) Fred Blonder (Sep 15)
- Re: load.root (loadmodule hole) Pat The Friendly RedNeck (Sep 15)
- Re: load.root (loadmodule hole) Urban (Sep 18)
- INN1.4sec on Linux Olaf Kirch (Sep 18)
- Re: INN1.4sec on Linux Dave Barr (Sep 25)
- Re: load.root (loadmodule hole) Fred Blonder (Sep 15)
- <Possible follow-ups>
- Re: load.root (loadmodule hole) Brad Powell (Sep 15)
- Re: load.root (loadmodule hole) Karl Strickland (Sep 17)
- Re: load.root (loadmodule hole) Casper Dik (Sep 26)
- Re: load.root (loadmodule hole) Brad Powell (Sep 16)
- Re: load.root (loadmodule hole) Dave Mitchell (Sep 18)
- Re: load.root (loadmodule hole) Urban (Sep 15)