[796] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Big security hole in kerneld's request_route

daemon@ATHENA.MIT.EDU (Jacques Gelinas)
Thu Jun 13 12:35:35 1996

Date: Thu, 13 Jun 1996 09:07:30 -0400 (EDT)
From: Jacques Gelinas <jack@solucorp.qc.ca>
To: ichudov@algebra.com
cc: bj0rn@blox.se, linux-alert@tarsier.cv.nrao.edu,
        linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199606130421.XAA00723@manifold.algebra.com>

On Wed, 12 Jun 1996 ichudov@algebra.com wrote:

[Mod: Quoting trimmed.  --Jeff.]

> I was just looking at sources of newly released linux 2.0.
> In modules-1.3.69k, in kerneld's subdirectory, there is a file 
> request_route.sh (see below). It's supposed to run as root, whenever
> a route is requested. It is supposed to start pppd or something like 
> that.
> 
> As it appears, it is possible to destroy system philes (such as /etc/passwd
> and so on). 

The path should be changed to /var/run/request-route.pid

It is unfortunate that there is no cleaner way to wait for pppd's success 
or failure. I mean to do something as simple as

if /usr/sbin/pppd ...
then
	echo ok
else
	echo failure
fi

pppd just fork (goes in background) to soon. Maybe there is already an 
option.

 --------------------------------------------------------
Jacques Gelinas (jacques@solucorp.qc.ca)
Use Linux without reformating: Use UMSDOS.


home help back first fref pref prev next nref lref last post