Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_3

Bugtraq archives for 3rd quarter (Jul-Aug) 1995: Re: load.root (loadmodule hole)

Re: load.root (loadmodule hole)

Dave Mitchell (D.Mitchelldcs.shef.ac.uk)
Mon, 18 Sep 1995 13:08:15 BST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Sten Gunterberg: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
Previous message: Brad Powell: "Re: load.root (loadmodule hole)"
Maybe in reply to: der Mouse: "load.root (loadmodule hole)"

Brad Powell <Brad.PowellEng.Sun.COM> writes:
>loadmodule also gets called when you "load modules" such as
>PC NFS, or SunPC, or WABI, ect.. it also gets called by applications
>such as printer software packages to load their device driver.
>
>I't a useful utility but _very_ insecure.
>Its replaced in solaris 2.X

Err, are we talking about /usr/openwin/bin/loadmodule under SunOS 4.x?
Loading WABI modules? Etc?

Are you sure you're not confusing this with /usr/kvm/modload, a
non-setuid program which loads modules into kernel, and which is invoked
by the (setuid) loadmodule program?


Dave.

* David Mitchell, Systems Administrator,    email: D.Mitchelldcs.shef.ac.uk
* Dept. Computer Science, Sheffield Uni.    phone: +44 114-282-5573
* 211 Portobello St, Sheffield S1 4DP, UK.  fax:   +44 114-278-0972
*
* Standards (n). Battle insignia or tribal totems
*
* >>>> Support Randal Schwartz! email fundstonehenge.com for info <<<<<

Next message: Sten Gunterberg: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
Previous message: Brad Powell: "Re: load.root (loadmodule hole)"
Maybe in reply to: der Mouse: "load.root (loadmodule hole)"