Bugtraq mailing list archives

Re: Linux kernel sysctl() vulnerability

From: Aleksander Kamil Modzelewski <noir () VORTEX EFEKT PL>
Date: Sat, 10 Feb 2001 22:18:31 +0100

On Sat, Feb 10, 2001 at 10:28:01AM +0100, Florian Weimer wrote:

There exists a Linux system call sysctl() which is used to query and
modify runtime system settings. Unprivileged users are permitted to query
the value of many of these settings.

It appears that all current Linux kernel version (2.2.x and 2.4.x) are
vulnerable.  Right?

But not in Alan Cox'es version.
In 2.4.1-ac4:

/* The generic string strategy routine: */
int sysctl_string(ctl_table *table, int *name, int nlen,
                  void *oldval, size_t *oldlenp,
                  void *newval, size_t newlen, void **context)
{
        size_t l, len;

Another thing is, that t shows, that someone already noticed the
problem :/

Greets
Aleksander Kamil Modzelewski
ps. This is my first posting. Hope I did not make a fall-start :)
pps. OK, I did, but this is a long story :)

--
/==]n0iR[==++++.__                                                          /\
| noir () efekt pl   `\     BOFH excuse #89: Electromagnetic energy loss       `|
+ BOFH #1 of #radom `\                                                       |
|\  UIN: #89507110    `\                                                     |
\--\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/'

Current thread:

Linux kernel sysctl() vulnerability Chris Evans (Feb 10)
- Re: Linux kernel sysctl() vulnerability Florian Weimer (Feb 10)
  - Re: Linux kernel sysctl() vulnerability Ryan W. Maple (Feb 10)
  - Re: Linux kernel sysctl() vulnerability Aleksander Kamil Modzelewski (Feb 10)
  - Re: Linux kernel sysctl() vulnerability Greg KH (Feb 10)
    - Re: Linux kernel sysctl() vulnerability Joost Pol2 (Feb 12)
  - Re: Linux kernel sysctl() vulnerability Stephen White (Feb 12)