[2247] in bugtraq
Re: load.root (loadmodule hole)
daemon@ATHENA.MIT.EDU (Dave Mitchell)
Mon Sep 18 15:45:31 1995
Date: Mon, 18 Sep 1995 13:08:15 BST
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Dave Mitchell <D.Mitchell@dcs.shef.ac.uk>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
Brad Powell <Brad.Powell@Eng.Sun.COM> writes:
>loadmodule also gets called when you "load modules" such as
>PC NFS, or SunPC, or WABI, ect.. it also gets called by applications
>such as printer software packages to load their device driver.
>
>I't a useful utility but _very_ insecure.
>Its replaced in solaris 2.X
Err, are we talking about /usr/openwin/bin/loadmodule under SunOS 4.x?
Loading WABI modules? Etc?
Are you sure you're not confusing this with /usr/kvm/modload, a
non-setuid program which loads modules into kernel, and which is invoked
by the (setuid) loadmodule program?
Dave.
* David Mitchell, Systems Administrator, email: D.Mitchell@dcs.shef.ac.uk
* Dept. Computer Science, Sheffield Uni. phone: +44 114-282-5573
* 211 Portobello St, Sheffield S1 4DP, UK. fax: +44 114-278-0972
*
* Standards (n). Battle insignia or tribal totems
*
* >>>> Support Randal Schwartz! email fund@stonehenge.com for info <<<<<
