[GLLUG] monolithic kernel (debian 3.0) and ethernet devices

djf2 djf2@danu.ili.net
Thu, 21 Mar 2002 15:44:32 -0500 (EST)


On Thu, 21 Mar 2002, Melson, Paul wrote:

> The only thing like that that I'm aware of is a pretty obscure issue
> that was a bug in the kernel itself (2.4.3-6).  If the condition was met
> (no modules.dep file at boot) the kernel would build one chmod 666.
> Then an attacker could force the kernel to load whatever module s/he
> wanted, but only after rebooting.  It was pretty tough to exploit, and
> any half-hearted file system monitoring tool would have found the new
> world-writeable file before an exploit would likely occur.

     That wasn't the one I was thinking of specifically, but I'm sure it
hasn't been the only particular exploit like that or for that matter the
last.  What I suggested was that if there was an exploit that allowed
you to overwrite arbitrary files without having root, you could force
the kernel to load whatever module you wanted without root.  Now, I agree,
once the attacker grabs root it really doesn't matter.

--
"Is that sound you're hearing the trumpeting of St. Peter's angels
 or the screams of Memnoch's tortured souls?"
Don Flynn        djf2@ili.net                   Sayge@IRC
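
The file system check mentioned in the quoted message, as an added example that is not part of the original thread: a shell function that reports a missing modules.dep and any world-writable file or directory under a module tree. The default path /lib/modules, the function name and the sample directory names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a kernel module tree for the two
# conditions discussed above: a missing modules.dep and world-writable entries.

audit_module_tree() {
    root=${1:-/lib/modules}   # default location is an assumption
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=0

    # Each kernel version keeps its own modules.dep in its subdirectory.
    for kdir in "$root"/*/; do
        [ -d "$kdir" ] || continue
        if [ ! -f "${kdir}modules.dep" ]; then
            echo "MISSING ${kdir}modules.dep"
            findings=1
        fi
    done

    # Entries writable by "other": any local user can change what gets loaded.
    ww=$(find "$root" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null)
    if [ -n "$ww" ]; then
        echo "$ww" | sed 's/^/WORLD-WRITABLE /'
        findings=1
    fi
    return "$findings"
}

# Constructed sample tree (version names are made up) so the check runs offline.
demo_tree=$(mktemp -d)
mkdir -p "$demo_tree/2.4.0-sample-a" "$demo_tree/2.4.0-sample-b"
: > "$demo_tree/2.4.0-sample-a/modules.dep"
chmod 666 "$demo_tree/2.4.0-sample-a/modules.dep"   # the mode described in the thread
: > "$demo_tree/2.4.0-sample-b/example.o"
chmod 644 "$demo_tree/2.4.0-sample-b/example.o"
audit_module_tree "$demo_tree" || echo "findings reported"
rm -rf "$demo_tree"
```

The function returns 0 when the tree is clean and 1 when it prints findings, so it can be run from cron or a boot script and alert on a non-zero status.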