mailing list archives
More modutils: It's probably worse.
From: Chris Evans <chris () SCARY BEASTS ORG>
Date: Mon, 13 Nov 2000 21:01:23 +0000
I think this problem is worse than originally thought. As noted by Olaf:
It should be noted that older Linux distributions using e.g.
modutils-2.1.121 (which I'm looking at) should be safe: before
modprobe will do _anything_ it checks the name of the requested
module against /lib/modules/modules.dep and fails if the module's
not listed. Getting "; chmod +w ." listed as a module should be
sort of tricky.
Unfortunately, we can subvert modutils _before_ any validation of module
name gets run. If we make the first character of our proposed module a
'-', then it will be just like we passed an option to modprobe.
modprobe -C, to specify a config file other than /etc/modules.conf, would
be an interesting route to play with.
Oh dear. Looks like a kernel issue as well as a modutils issue. Also looks
like more distributions could be affected.
I'd normally hold off posting something like this, but I guarantee black
hats have already figured this out.
- More modutils: It's probably worse. Chris Evans (Nov 14)