[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    [linux-security] Re: Big security hole in kerneld's request_route
From:       Jacques Gelinas <jack () solucorp ! qc ! ca>
Date:       1996-06-13 17:55:13
[Download RAW message or body]

On Wed, 12 Jun 1996 ichudov@algebra.com wrote:

[Mod: Quoting trimmed.  --Jeff.]

> I was just looking at sources of newly released linux 2.0.
> In modules-1.3.69k, in kerneld's subdirectory, there is a file
> request_route.sh (see below). It's supposed to run as root, whenever
> a route is requested. It is supposed to start pppd or something like
> that.
>
> As it appears, it is possible to destroy system philes (such as /etc/passwd
> and so on).

The path should be changed to /var/run/request-route.pid

It is unfortunate that there is no cleaner way to wait for pppd's success
or failure. I mean to do something as simple as

if /usr/sbin/pppd ...
then
        echo ok
else
        echo failure
fi

pppd just fork (goes in background) to soon. Maybe there is already an
option.

 --------------------------------------------------------
Jacques Gelinas (jacques@solucorp.qc.ca)
Use Linux without reformating: Use UMSDOS.

[prev in list] [next in list] [prev in thread] [next in thread]