Home page logo

bugtraq logo Bugtraq mailing list archives

Re: load.root (loadmodule hole)
From: pat () WOLFE net (Pat The Friendly RedNeck)
Date: Fri, 15 Sep 1995 17:14:39 -0700

Am I overlooking something obvious here, or would simply turning off the
set-UID bit on "loadmodule" be an acceptable temporary workaround for
most sites?

I dunno, but I noticed it is not called unless one starts an openwin
session with the -nosunview option (at least on the machine I used).  I
ran across this when I had loaded openwin, but failed to run
install_openwin, which sets up the stuff in /etc/openwin/modules, which
is what it actually loads and the scripts it runs.  It became apparant
when I tried to run it with the -nosunview option, and got all these
error messages.

So it might be possible to just chmod 400 loadmodule and get around it.
This is not an option if one has built a kernel w/o any sunview support,
such that openwin won't run without using the -nosunview option...

Fred Blonder            fred () nasirc hq nasa gov

Hughes STX Corp.        (301) 441-4079
7701 Greenbelt Rd.
Greenbelt, Md.  20770

#include <std.disclaimer>    Pat Myrto (pat () Wolfe NET)       Seattle WA
A sysadmin's life is a sorry one.  The only advantage he has over Emergency
Room doctors is that malpractice suits are rare.  On the other hand, ER
doctors never have to deal with patients installing new versions of their
own innards!   -Michael O'Brien

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]