![[LWN Logo]](/images/lcorner.png) |
|
![[Timeline]](/images/Included.png) |
From: Keith Owens <kaos@ocs.com.au>
To: linux-kernel@vger.kernel.org
Subject: Local root exploit with kmod and modutils > 2.1.121
Date: Mon, 13 Nov 2000 21:57:08 +1100
A local root exploit has been found using kernels compiled with kmod
and modutils > 2.1.121. Kernels without kmod and systems using
modutils 2.1.121 are not affected.
Patch against modutils 2.3.19, it should fit any 2.3 modutils.
Index: 19.7/util/meta_expand.c
--- 19.7/util/meta_expand.c Sun, 10 Sep 2000 12:56:40 +1100 kaos (modutils-2.3/10_meta_expan 1.4 644)
+++ 19.7(w)/util/meta_expand.c Mon, 13 Nov 2000 21:19:41 +1100 kaos (modutils-2.3/10_meta_expan 1.4 644)
@@ -156,12 +156,8 @@ static int glob_it(char *pt, GLOB_LIST *
*/
int meta_expand(char *pt, GLOB_LIST *g, char *base_dir, char *version)
{
- FILE *fin;
- int len = 0;
- char *line = NULL;
char *p;
char tmpline[PATH_MAX + 1];
- char tmpcmd[PATH_MAX + 11];
g->pathc = 0;
g->pathv = NULL;
@@ -277,38 +273,6 @@ int meta_expand(char *pt, GLOB_LIST *g,
/* Only "=" remaining, should be module options */
split_line(g, pt, 0);
return 0;
- }
-
- /*
- * Last resort: Use "echo"
- */
- sprintf(tmpline, "%s%s", (base_dir ? base_dir : ""), pt);
- sprintf(tmpcmd, "/bin/echo %s", tmpline);
- if ((fin = popen(tmpcmd, "r")) == NULL) {
- error("Can't execute: %s", tmpcmd);
- return -1;
- }
- /* else */
-
- /*
- * Collect the result
- */
- while (fgets(tmpcmd, PATH_MAX, fin) != NULL) {
- int l = strlen(tmpcmd);
-
- line = (char *)xrealloc(line, len + l + 1);
- line[len] = '\0';
- strcat(line + len, tmpcmd);
- len += l;
- }
- pclose(fin);
-
- if (line) {
- /* Ignore result if no expansion occurred */
- strcat(tmpline, "\n");
- if (strcmp(tmpline, line))
- split_line(g, line, 0);
- free(line);
}
return 0;
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/