* [devel] [Fwd: Re: [BUGTRAQ] Linux kernel sysctl() vulnerability]
@ 2001-02-11 9:45 Anton Farygin
2001-02-11 23:10 ` Dmitry V. Levin
0 siblings, 1 reply; 4+ messages in thread
From: Anton Farygin @ 2001-02-11 9:45 UTC (permalink / raw)
To: devel
Мне кажется стоит в ядро патч включить.
Rgds
Anton
-------- Original Message --------
Subject: Re: [BUGTRAQ] Linux kernel sysctl() vulnerability
Date: Sat, 10 Feb 2001 10:28:01 +0100
From: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
Reply-To: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
References:
<Pine.LNX.4.30.0102091259040.32418-100000@ferret.lmh.ox.ac.uk>
Chris Evans <chris@SCARY.BEASTS.ORG> writes:
> There exists a Linux system call sysctl() which is used to query and
> modify runtime system settings. Unprivileged users are permitted to query
> the value of many of these settings.
It appears that all current Linux kernel version (2.2.x and 2.4.x) are
vulnerable. Right?
Was it really necessary to release this stuff just before the weekend?
The following trivial patch should fix this issue. (I wonder how you
can audit code for such vulnerabilities. It's probably much easier to
rewrite it in Ada. ;-)
--- sysctl.c 2001/02/10 09:42:12 1.1
+++ sysctl.c 2001/02/10 09:42:26
@@ -1123,7 +1123,7 @@
void *oldval, size_t *oldlenp,
void *newval, size_t newlen, void **context)
{
- int l, len;
+ unsigned l, len;
if (!table->data || !table->maxlen)
return -ENOTDIR;
--
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
_______________________________________________
Devel mailing list
Devel@linux.iplabs.ru
http://www.logic.ru/mailman/listinfo/devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [devel] [Fwd: Re: [BUGTRAQ] Linux kernel sysctl() vulnerability]
2001-02-11 9:45 [devel] [Fwd: Re: [BUGTRAQ] Linux kernel sysctl() vulnerability] Anton Farygin
@ 2001-02-11 23:10 ` Dmitry V. Levin
2001-02-12 5:36 ` Anton Farygin (Rider_LRN)
0 siblings, 1 reply; 4+ messages in thread
From: Dmitry V. Levin @ 2001-02-11 23:10 UTC (permalink / raw)
To: devel
[-- Attachment #1: Type: text/plain, Size: 1135 bytes --]
On Sun, Feb 11, 2001 at 12:45:49PM +0300, Anton Farygin wrote:
> Мне кажется стоит в ядро патч включить.
>
> Rgds
> Anton
>
>
> -------- Original Message --------
> Subject: Re: [BUGTRAQ] Linux kernel sysctl() vulnerability
> Date: Sat, 10 Feb 2001 10:28:01 +0100
> From: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
> Reply-To: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
> To: BUGTRAQ@SECURITYFOCUS.COM
Давайте возьмем за правило письма из BUGTRAQ сюда не форвардить, если
решение проблемы касается только меня. Ибо, как правило, я в курсе,
причем, возможно, раньше вас.
Обновление ядра сейчас невозможно в связи с тем, что photo в данный
момент не доступен.
Regards,
Dmitry
+-------------------------------------------------------------------------+
Dmitry V. Levin mailto://ldv@fandra.org
Software Engineer PGP pubkey http://www.fandra.org/users/ldv/pgpkeys.html
IPLabs Linux Team http://linux.iplabs.ru
Fandra Project http://www.fandra.org
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.
[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [devel] [Fwd: Re: [BUGTRAQ] Linux kernel sysctl() vulnerability]
2001-02-11 23:10 ` Dmitry V. Levin
@ 2001-02-12 5:36 ` Anton Farygin (Rider_LRN)
2001-02-12 8:28 ` Dmitry V. Levin
0 siblings, 1 reply; 4+ messages in thread
From: Anton Farygin (Rider_LRN) @ 2001-02-12 5:36 UTC (permalink / raw)
To: devel
"Dmitry V. Levin" wrote:
> On Sun, Feb 11, 2001 at 12:45:49PM +0300, Anton Farygin wrote:
> > Мне кажется стоит в ядро патч включить.
> >
> > Rgds
> > Anton
> >
> >
> > -------- Original Message --------
> > Subject: Re: [BUGTRAQ] Linux kernel sysctl() vulnerability
> > Date: Sat, 10 Feb 2001 10:28:01 +0100
> > From: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
> > Reply-To: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
> > To: BUGTRAQ@SECURITYFOCUS.COM
>
> Давайте возьмем за правило письма из BUGTRAQ сюда не форвардить, если
> решение проблемы касается только меня. Ибо, как правило, я в курсе,
> причем, возможно, раньше вас.
>
> Обновление ядра сейчас невозможно в связи с тем, что photo в данный
> момент не доступен.
>
OK. А что с photo?
Rgds
Anton
_______________________________________________
Devel mailing list
Devel@linux.iplabs.ru
http://www.logic.ru/mailman/listinfo/devel
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [devel] [Fwd: Re: [BUGTRAQ] Linux kernel sysctl() vulnerability]
2001-02-12 5:36 ` Anton Farygin (Rider_LRN)
@ 2001-02-12 8:28 ` Dmitry V. Levin
0 siblings, 0 replies; 4+ messages in thread
From: Dmitry V. Levin @ 2001-02-12 8:28 UTC (permalink / raw)
To: devel
[-- Attachment #1: Type: text/plain, Size: 1355 bytes --]
On Mon, Feb 12, 2001 at 08:36:29AM +0300, Anton Farygin (Rider_LRN) wrote:
> > > Мне кажется стоит в ядро патч включить.
> > >
> > > Rgds
> > > Anton
> > >
> > >
> > > -------- Original Message --------
> > > Subject: Re: [BUGTRAQ] Linux kernel sysctl() vulnerability
> > > Date: Sat, 10 Feb 2001 10:28:01 +0100
> > > From: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
> > > Reply-To: Florian Weimer <Florian.Weimer@RUS.UNI-STUTTGART.DE>
> > > To: BUGTRAQ@SECURITYFOCUS.COM
> >
> > Давайте возьмем за правило письма из BUGTRAQ сюда не форвардить, если
> > решение проблемы касается только меня. Ибо, как правило, я в курсе,
> > причем, возможно, раньше вас.
> >
> > Обновление ядра сейчас невозможно в связи с тем, что photo в данный
> > момент не доступен.
> >
>
> OK. А что с photo?
С photo все нормально. Сейчас. А до этого сутки был недоступен, похоже,
кто-то, уходя, зацепил кабель... :(
Regards,
Dmitry
+-------------------------------------------------------------------------+
Dmitry V. Levin mailto://ldv@fandra.org
Software Engineer PGP pubkey http://www.fandra.org/users/ldv/pgpkeys.html
IPLabs Linux Team http://linux.iplabs.ru
Fandra Project http://www.fandra.org
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.
[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2001-02-12 8:28 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-02-11 9:45 [devel] [Fwd: Re: [BUGTRAQ] Linux kernel sysctl() vulnerability] Anton Farygin
2001-02-11 23:10 ` Dmitry V. Levin
2001-02-12 5:36 ` Anton Farygin (Rider_LRN)
2001-02-12 8:28 ` Dmitry V. Levin
ALT Linux Team development discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
public-inbox-index devel
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.devel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git