[2719] in bugtraq
[linux-security] Re: Big security hole in kerneld's request_route
daemon@ATHENA.MIT.EDU (Jacques Gelinas)
Fri Jun 14 00:55:01 1996
Date: Thu, 13 Jun 1996 17:55:13 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Jacques Gelinas <jack@solucorp.qc.ca>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199606130421.XAA00723@manifold.algebra.com>
On Wed, 12 Jun 1996 ichudov@algebra.com wrote:
[Mod: Quoting trimmed. --Jeff.]
> I was just looking at sources of newly released linux 2.0.
> In modules-1.3.69k, in kerneld's subdirectory, there is a file
> request_route.sh (see below). It's supposed to run as root, whenever
> a route is requested. It is supposed to start pppd or something like
> that.
>
> As it appears, it is possible to destroy system philes (such as /etc/passwd
> and so on).
The path should be changed to /var/run/request-route.pid
It is unfortunate that there is no cleaner way to wait for pppd's success
or failure. I mean to do something as simple as
if /usr/sbin/pppd ...
then
echo ok
else
echo failure
fi
pppd just fork (goes in background) to soon. Maybe there is already an
option.
--------------------------------------------------------
Jacques Gelinas (jacques@solucorp.qc.ca)
Use Linux without reformating: Use UMSDOS.
