Re: local root exploit confirmed in 2.6.10: Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation

[bert hubert]

On Tue, Dec 28, 2004 at 04:21:55PM -0500, Lee Revell wrote:
> Frank Barknecht pointed this out on linux-audio-dev, it's a horrible
> bug, I confirmed it in 2.6.10, and have not seen it mentioned on the
> list.

Although this sucks, it should be pointed out that it only grants root to
users able to force the loading of a certain module, aka 'root'.

Modules have always been free to give root capabilities to all users. We
don't usually ship these though :-)

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/