Re: load.root (loadmodule hole)

[pat () WOLFE net (Pat The Friendly RedNeck)]

> Am I overlooking something obvious here, or would simply turning off the
> set-UID bit on "loadmodule" be an acceptable temporary workaround for
> most sites?

I dunno, but I noticed it is not called unless one starts an openwin
session with the -nosunview option (at least on the machine I used).  I
ran across this when I had loaded openwin, but failed to run
install_openwin, which sets up the stuff in /etc/openwin/modules, which
is what it actually loads and the scripts it runs.  It became apparant
when I tried to run it with the -nosunview option, and got all these
error messages.

So it might be possible to just chmod 400 loadmodule and get around it.
This is not an option if one has built a kernel w/o any sunview support,
such that openwin won't run without using the -nosunview option...

> -----
> Fred Blonder            fred () nasirc hq nasa gov

> Hughes STX Corp.        (301) 441-4079
> 7701 Greenbelt Rd.
> Greenbelt, Md.  20770


--
#include <std.disclaimer>    Pat Myrto (pat () Wolfe NET)       Seattle WA
A sysadmin's life is a sorry one.  The only advantage he has over Emergency
Room doctors is that malpractice suits are rare.  On the other hand, ER
doctors never have to deal with patients installing new versions of their
own innards!   -Michael O'Brien