oss-sec mailing list archives

Re: CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN

From: Vasiliy Kulikov <segoon () openwall com>
Date: Fri, 11 Mar 2011 17:36:51 +0300

On Thu, Feb 24, 2011 at 15:54 -0800, Kees Cook wrote:

"ifconfig $module" will load any module as long as the process
has CAP_NET_ADMIN (ignoring CAP_SYS_MODULE)."


This was fixed in 8909c9ad8ff:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8909c9ad8ff03611c9c96c9a92656213e4bb495b

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments

Current thread:

CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN Kees Cook (Feb 24)
- Re: CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN Eugene Teo (Feb 24)
- Re: CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN Vasiliy Kulikov (Mar 11)