[21652] in bugtraq
Re: 2.4.x/Slackware Init script vulnerability
daemon@ATHENA.MIT.EDU (twiz - Perla Enrico)
Thu Jul 19 13:08:28 2001
Date: Thu, 19 Jul 2001 01:50:07 +0200 (CEST)
From: twiz - Perla Enrico <twi@boiate.it>
To: bugtraq@securityfocus.com
In-Reply-To: <Pine.LNX.4.20.0107180041490.251-100000@twisterz.twz>
Message-ID: <Pine.LNX.4.20.0107190133030.239-100000@twisterz.twz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

As Josh made me notice, I'm partially in error.

The problem was that I installed kernel 2.4.5 on my box afterwards
(Slackware 7.0 comes with kernel 2.2.13), so I ran make modules_install at
the end of the compilation:

if [ -r System.map ]; then /sbin/depmod -ae -F System.map 2.4.5; fi

At the end depmod -a is called, and it creates modules.dep and gives it
"-rw-r--r--" permissions.

The Slackware startup script calls depmod -a, but modules.dep isn't erased
beforehand, just "updated", so it keeps its "-rw-r--r--" permissions.

I tried erasing modules.dep and then rebooting, and modules.dep, this
time being created, has, as Josh said, "-rw-rw-rw" permissions.

So in the end this exploit will work only if the kernel hasn't been
recompiled with make modules_install (or depmod -a called otherwise,
not at startup) or if modules.dep is erased before "depmod
-a" at startup (the Slackware 7.0 init script doesn't do that, so it is
not vulnerable :) )

I'm sorry for my partially erroneous post.

twiz - twiz@superdotati.net or twi@boiate.it - ./twlc
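
An added example, not part of the original post or of Slackware's scripts: it reproduces the create-versus-update behaviour described above in a temporary directory and lists any world-writable modules.dep under a modules tree. Assumptions: write_modules_dep is a hypothetical stand-in for depmod that opens its output with create mode 0666, the boot-time umask is 000 and the interactive root umask is 022.

```shell
#!/bin/sh
# Added example. The temporary directory stands in for /lib/modules/<version>.

# Stand-in for depmod writing modules.dep: ">" opens the file with
# O_CREAT|O_TRUNC and mode 0666, so the mode is only applied on creation.
write_modules_dep() {
    echo "constructed dependency line" > "$1"
}

# Assumed environments: init scripts with umask 000, root shell with umask 022.
# The parenthesised bodies run in a subshell so the caller's umask is untouched.
boot_run()    ( umask 000; write_modules_dep "$1" )
install_run() ( umask 022; write_modules_dep "$1" )

# Permission string in the notation used in the post, e.g. -rw-r--r--
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Print "<mode when updated at boot> <mode when recreated at boot>".
demo() {
    dir=$(mktemp -d) || return 1
    dep="$dir/modules.dep"
    install_run "$dep"      # file first created by "make modules_install"
    boot_run "$dep"         # boot only rewrites it: the old mode survives
    preserved=$(mode_string "$dep")
    rm -f "$dep"            # file erased before boot
    boot_run "$dep"         # boot creates it: mode comes from umask 000
    recreated=$(mode_string "$dep")
    rm -rf "$dir"
    echo "$preserved $recreated"
}

# List every world-writable modules.dep below a modules tree.
audit_modules_dep() {
    find "${1:-/lib/modules}" -name modules.dep -type f -perm -002 2>/dev/null
}

demo
```

Running audit_modules_dep with no argument checks /lib/modules; any path it prints can be corrected with chmod 644.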