Home page logo

bugtraq logo Bugtraq mailing list archives

Re: load.root (loadmodule hole)
From: D.Mitchell () dcs shef ac uk (Dave Mitchell)
Date: Mon, 18 Sep 1995 13:08:15 BST

Brad Powell <Brad.Powell () Eng Sun COM> writes:
loadmodule also gets called when you "load modules" such as
PC NFS, or SunPC, or WABI, ect.. it also gets called by applications
such as printer software packages to load their device driver.

I't a useful utility but _very_ insecure.
Its replaced in solaris 2.X

Err, are we talking about /usr/openwin/bin/loadmodule under SunOS 4.x?
Loading WABI modules? Etc?

Are you sure you're not confusing this with /usr/kvm/modload, a
non-setuid program which loads modules into kernel, and which is invoked
by the (setuid) loadmodule program?


* David Mitchell, Systems Administrator,    email: D.Mitchell () dcs shef ac uk
* Dept. Computer Science, Sheffield Uni.    phone: +44 114-282-5573
* 211 Portobello St, Sheffield S1 4DP, UK.  fax:   +44 114-278-0972
* Standards (n). Battle insignia or tribal totems
* >>>> Support Randal Schwartz! email fund () stonehenge com for info <<<<<

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]