Bugtraq mailing list archives
Re: Local user can send forged packets
From: peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)
Date: Sat, 23 Oct 1999 18:34:56 +0200
The advisory did not explain what was the cause of the problem. (Rant: Why? Will the following explanation help anyone who would not be able to find out this piece of information himself to abuse the bug?)

As far as I can tell, the problem is this: anyone, including mere mortals, is allowed to use TIOCSETD. Therefore anyone can set PPP line discipline on a tty under his control and send forged datagrams right into the kernel network subsystem.

I do not believe there is any reason why mortals should ever be allowed to use TIOCSETD (at least under Linux), therefore adding something like "if (!suser()) return -EPERM;" under "case TIOCSETD:" in drivers/char/tty_io.c should fix the problem for 2.0 (things are a bit more complicated in 2.2 but we've already got a fix for 2.2).

But remember: you use it at your own risk, there is no guarantee this patch will not kill all your family when used improperly.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
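An added example, not part of the original post and not kernel code: a small Linux C program an administrator can run as an ordinary user to check whether the kernel still accepts TIOCSETD with the PPP line discipline on a pty that user owns. The names classify and probe_ldisc are made up for this example; the program only sets and restores the discipline and writes no data to the tty.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>   /* TIOCSETD, TIOCGETD, N_PPP on Linux */
#include <unistd.h>

enum verdict { LDISC_ALLOWED = 1, LDISC_DENIED = 0, LDISC_UNKNOWN = -1 };

/* Hypothetical helper: map the result of ioctl(TIOCSETD) to a verdict.
 * EPERM is what the check proposed in the post would return. */
enum verdict classify(int rc, int err)
{
    if (rc == 0) return LDISC_ALLOWED;
    return err == EPERM ? LDISC_DENIED : LDISC_UNKNOWN;  /* e.g. EINVAL */
}

/* Hypothetical helper: open a fresh pty pair owned by the caller and
 * try to switch the slave side to the given line discipline. */
enum verdict probe_ldisc(int ldisc)
{
    char path[32];
    unsigned int n;
    int unlock = 0, saved = 0, master, slave, rc;
    enum verdict v = LDISC_UNKNOWN;
    master = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (master < 0)
        return v;                       /* no pty support available */
    if (ioctl(master, TIOCSPTLCK, &unlock) == 0 &&
        ioctl(master, TIOCGPTN, &n) == 0) {
        snprintf(path, sizeof path, "/dev/pts/%u", n);
        slave = open(path, O_RDWR | O_NOCTTY);
        if (slave >= 0) {
            ioctl(slave, TIOCGETD, &saved);       /* remember current */
            rc = ioctl(slave, TIOCSETD, &ldisc);
            v = classify(rc, errno);
            if (rc == 0)
                ioctl(slave, TIOCSETD, &saved);   /* put it back */
            close(slave);
        }
    }
    close(master);
    return v;
}

int main(void)
{
    static const char *name[] = { "unknown", "denied", "allowed" };
    enum verdict v = probe_ldisc(N_PPP);
    printf("TIOCSETD N_PPP as uid %d: %s\n", (int)getuid(), name[v + 1]);
    return v == LDISC_ALLOWED;          /* exit status 1 if accepted */
}
```

Run it from an unprivileged account: "denied" means the kernel refused the request with EPERM, "unknown" usually means the PPP discipline is not built or loaded, or no pty could be opened.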