Re: load.root (loadmodule hole)
Brad Powell (Brad.Powell@Eng.Sun.COM)
Fri, 15 Sep 1995 16:12:54 -0700

>From owner-bugtraq@CRIMELAB.COM Fri Sep 15 15:46:48 1995
>Am I overlooking something obvious here, or would simply turning off the
>set-UID bit on "loadmodule" be an acceptable temporary workaround for
>most sites?
>-----
>Fred Blonder fred@nasirc.hq.nasa.gov
>
>Hughes STX Corp. (301) 441-4079
>7701 Greenbelt Rd.
>Greenbelt, Md. 20770
>

turning off the suid bit works *mostly*; of course don't expect to be able
to run openwindows :-)

I say mostly because there is still the problem if the process running
is running as root, as well as the problem of if another setuid executable
calls loadmodule. Neither of these is as big a problem, but they are
still there.

Calling system() has never been a smart thing, just a simple thing.

Brad

=======================================================================
Brad Powell : brad.powell@Sun.COM
Sr. Network Security Consultant
SunNetworks, Sun Microsystems Inc.
=======================================================================
The views expressed are those of the author and may not reflect
the views of Sun Microsystems Inc.
=======================================================================
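
The closing remark about system(), as an added example that is not part of the original post and is not Sun's code: a privileged program that must start a helper can call execve() directly with an absolute path and a fixed environment, so no shell parses a command line and nothing from the caller's environment reaches the child. The name run_helper, the PATH value and the /bin/true stand-in are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Hypothetical helper (not from the post): run one fixed program without
 * going through /bin/sh, unlike system(). Returns the child's exit status,
 * or -1 on error. */
int run_helper(const char *path, char *const argv[])
{
    /* Fixed environment: no variable is inherited from the caller. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    pid_t pid;
    int status;

    /* Refuse relative names so a PATH lookup never decides what runs. */
    if (path == NULL || path[0] != '/')
        return -1;

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Assumes the helper needs no privilege: drop it for good,
         * group first, then user. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        execve(path, argv, clean_env);
        _exit(127);                      /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* /bin/true is a constructed stand-in for the real helper program. */
    char *const args[] = { "true", NULL };
    printf("exit status: %d\n", run_helper("/bin/true", args));
    return 0;
}
```

A helper that genuinely needs root would skip the setgid()/setuid() step, which is exactly the residual case the message describes for root-run callers.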