[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: [linux-security] Re: Big security hole in kerneld's request_route
From: Jacques Gelinas <jack () solucorp ! qc ! ca>
Date: 1996-06-13 17:55:13
[Download RAW message or body]
On Wed, 12 Jun 1996 ichudov@algebra.com wrote:
[Mod: Quoting trimmed. --Jeff.]
> I was just looking at sources of newly released linux 2.0.
> In modules-1.3.69k, in kerneld's subdirectory, there is a file
> request_route.sh (see below). It's supposed to run as root, whenever
> a route is requested. It is supposed to start pppd or something like
> that.
>
> As it appears, it is possible to destroy system philes (such as /etc/passwd
> and so on).
The path should be changed to /var/run/request-route.pid
It is unfortunate that there is no cleaner way to wait for pppd's success
or failure. I mean to do something as simple as
if /usr/sbin/pppd ...
then
echo ok
else
echo failure
fi
pppd just fork (goes in background) to soon. Maybe there is already an
option.
--------------------------------------------------------
Jacques Gelinas (jacques@solucorp.qc.ca)
Use Linux without reformating: Use UMSDOS.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic