?? loz
----- Forwarded message from Micah Anderson micah@indymedia.org -----
List-Archive: http://lists.indymedia.org/mailman/public/imc-tech/
X-Original-Date: Wed, 19 Mar 2003 13:48:26 -0800
I have modified sarai, stallman, judi and kropotkin to have the workaround proc setting installed and set on boot.
Micah
On Tue, 18 Mar 2003, Agent Humble wrote:
Hi there,
I know that many of you will have heard about this already but for those who haven't...
A hole has been discovered in the Linux kernel which could allow a local user to escalate to root. The fix for 2.2 kernels is to upgrade to 2.2.25. Other kernels should check out the message and kernel patch from Alan Cox at http://www.spinics.net/lists/kernel/msg162986.html
or follow the instructions below which don't require you to re-compile your kernel.
If you can't patch this right away, you can easily work around the hole. In order to be vulnerable, you need to have kmod enabled in the kernel, and /proc/sys/kernel/modprobe must contain the name of ANY VALID EXECUTABLE. It doesn't have to be /sbin/modprobe. Even /bin/false is vulnerable on this one.
To prevent the exploit, give the kernel a bogus filename to use as modprobe, like this:
echo /this/file/aint/there > /proc/sys/kernel/modprobe
If you only use kmod to load modules at boot time, you might consider having this run after all your other init scripts, say in rc.local.
--
[ http://ender.indymedia.org/twiki/bin/view/Main/AgentHumble ]
fingerprint: 9E94 3068 D99C DD15 9CA2 8DE2 AB6F 9D3A 1733 13F8
gpg --keyserver keys.indymedia.org --recv-key 1733 13F8 [expires: 2012-12-21]
imc-sysadmin mailing list imc-sysadmin@lists.indymedia.org http://lists.indymedia.org/mailman/listinfo/imc-sysadmin
----- End forwarded message -----
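A check for the workaround described in the forwarded message, added here as an example and not part of the original thread: it reads the kernel's modprobe setting and reports whether it still names an existing executable, which is the condition the message gives for being vulnerable. The function name and the optional file argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the original thread.
#
# modprobe_workaround_state [FILE]
#   FILE defaults to /proc/sys/kernel/modprobe. The argument is an
#   assumption of this example so the check can be run against a copy.
#
# Prints one word:
#   exposed     the setting names an existing executable file
#   workaround  the setting names something that is not an executable file
#   unknown     the setting could not be read
modprobe_workaround_state() {
    setting_file="${1:-/proc/sys/kernel/modprobe}"

    if [ ! -r "$setting_file" ]; then
        echo unknown
        return 0
    fi

    # The setting is a single path on one line. read returns non-zero when
    # the line has no trailing newline but still fills the variable.
    helper=""
    IFS= read -r helper < "$setting_file" || :

    # Per the message, ANY valid executable counts, not only /sbin/modprobe.
    # -f excludes directories, which would otherwise pass the -x test.
    if [ -f "$helper" ] && [ -x "$helper" ]; then
        echo exposed
    else
        echo workaround
    fi
    return 0
}

# Report the state of the running system (or of the file given as $1).
modprobe_workaround_state "$@"
```

Run it late in boot, for example from the end of rc.local after the echo line, to confirm the setting survived the other init scripts.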