Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: load.root (loadmodule hole)
From: karl () bagpuss demon co uk (Karl Strickland)
Date: Mon, 18 Sep 1995 00:22:14 +0100



From owner-bugtraq () CRIMELAB COM  Fri Sep 15 15:46:48 1995
Am I overlooking something obvious here, or would simply turning off the
set-UID bit on "loadmodule" be an acceptable temporary workaround for
most sites?
-----
Fred Blonder            fred () nasirc hq nasa gov

Hughes STX Corp.        (301) 441-4079
7701 Greenbelt Rd.
Greenbelt, Md.  20770


turning of the suid bit works *mostly*

 of course don't expect to be able to run openwindows :-)

I say mostly because there is still the problem if the process running
is running as root, as well as the problem of if another
setuid executable calls loadmodule.

Neither of these is as big a problem, but they are still there.

Calling system() has never been a smart thing, just a simple thing.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Given that statement, the following questions arise.

1. Did SUN know they were doing the 'simple but not smart' thing when
   they released the broken patch?

2. Did the SUN Quality-Control people know that system() is dangerous?
   If not, do they know now, and can we have an assurance that this will
   not happen again in the future?  If they did know, why did they pass
   the patch?

--
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl () bagpuss demon co uk
                                          |



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault