[9321] in bugtraq
Re: [patch] /proc race fixes for 2.2.1 (fwd)
daemon@ATHENA.MIT.EDU (Richard Kail)
Wed Feb 3 11:27:19 1999
Date: Wed, 3 Feb 1999 13:50:52 +0100
Reply-To: Richard Kail <e8903122@student.tuwien.ac.at>
From: Richard Kail <e8903122@STUDENT.TUWIEN.AC.AT>
X-To: Andrea Arcangeli <andrea@E-MIND.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.990202172232.391K-100000@laser.bogus>
Hello !
There seems to be anoter /proc race in the 2.2.1 linux kernel.
I will explain this with an example:
modprobe coda.o # will load coda.o as dynamically module
# the kernel will create a /proc/fs/coda directory
# on the fly.
cd /proc/fs/coda # make shell chdir("/proc/fs/coda")
rmmod coda.o # works ! (shouldn't)
ls -l # generate a oops.
after this, the coda.o module seems not to work at all. Maybe this is a
systematic problem of more than one driver. I am not a kernel hacker, so I
can't check all kernel modules for this kind of problem.
Since a user can control the whole process I think has security
implications.
A user can trigger a "modprobe module" command using the kerneld (oh, its
called kmod now...) mechanism.
A user can chdir /proc/fs/coda.
If the system has implemented the cron job as suggested in
linux/Documentation/kmod.txt the user has just to wait with
wd=/proc/fs/code to crash the system.
Kind regards,
Richard
------
"One day, computer power will eventually outstrip demand, and OS engineers
will be free to use friendly languages like LISP again.. until then, I
think we're stuck with C." -- Oliver Xymoro
