[1630] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Re: kerneld and module security

daemon@ATHENA.MIT.EDU (Pawel S. Veselov)
Tue Sep 30 02:43:56 1997

Date: Tue, 30 Sep 1997 03:54:25 +0300 (MSK)
From: "Pawel S. Veselov" <vps@unicorn.niimm.spb.su>
To: linux-security@redhat.com
Cc: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.95.970929145934.14741B-100000@caffeine.induced.insomnia.org>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

                    Hello, Patrick!

On Mon, 29 Sep 1997, Patrick Cantwell wrote:

><snip>
>
>> Corollary:  Any module in /lib/modules can be loaded into kernel memory by
>> any user at any time.  There are potential denial-of-service attacks
>> from autoprobes and device initialization all kinds of other goo that
>> I wish I didn't have to think about here.

>see Brian Mitchell's "hacked_setuid" module, that was released in phrack
>50, article 5 (along with his linspy terminal snooper program)..
>what this module does is redirect the setuid() call so you can become
>superuser using a magic number.
>just think, if you could load this module at will without being root, all
>you'd need to do is whip up some code that does setuid(magic_number) and
>spawns a shell! 
>
>> Here are four alternative fixes:
>
>#5 make /usr/lib/modules root read/write only

[mod: Patrick was thinking about a user installing a special module,
indeed the rest was thinking about what could be achieved without 
having to install a special module: denial of service. -- REW]

Nah, this will not do the trick. kerneld is runned under root, so it will be
able to insmod/rmmod modules. kerneld will take any modules from
/lib/modules/.... only, so there is no problem that user can install he's
own module. Problem is DoS - some modules could cause problems for a systems
with autoprobing hardware frequently or autoprobe collision with some other
module.
I really don't believe, that somebody allows users to write
/lib/modules/xxx...

It is nice, I could compile some filesystems code as modules and let user
load it. kerneld will remove module only after some timeout, so kernel will
not go crazy for frequent insmoding/rmmoding.

Bye.
--
I know you think you thought you knew what you thought I said,
but I'm not sure you understood what you thought I meant.

--
    With best of best regards, Pawel S. Veselov (aka Black Angel)
       internet : vps@unicorn.niimm.spb.su ( mail,finger,talk )
                  fidonet : 2:5030/5.412
                schoolnet : 21:9000/412
                 Web page : http://www.niimm.spb.su/~vps/

--
----------------------------------------------------------------------
Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post