Re: RegistrationÂWeaknessÂinÂLinuxÂKernel'sÂBinaryÂformats

From: Chase Venters
Date: Tue Oct 03 2006 - 23:50:04 EST

Next message: Jeffrey W. Baker: "Re: [PATCH] libata: test driver for Marvell PATA"
Previous message: Valdis . Kletnieks: "Re: kexec / kdump kernel panic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday 03 October 2006 14:12, SHELLCODE Security Research wrote:
> Hello,
> The present document aims to demonstrate a design weakness found in the
> handling of simply
> linked lists used to register binary formats handled by
> Linux kernel, and affects all the kernel families
> (2.0/2.2/2.4/2.6), allowing the insertion of infection modules in
> kernelÂ space that can be used by malicious users to create infection
> tools, for example rootkits.

Yay, you've been Slashdotted!

Question: Why did you personally submit this to Slashdot when it is absolutely
clear that the observation is akin to figuring out a process can call fork()
and exec() and become "/bin/rm" with an argv of "/bin/rm", "-rf", and "*"?

Is this what you call good marketing?

> POC, details and proposed solution at:
> English version: http://www.shellcode.com.ar/docz/binfmt-en.pdf
> Spanish version: http://www.shellcode.com.ar/docz/binfmt-es.pdf
>

Thanks,
Chase
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeffrey W. Baker: "Re: [PATCH] libata: test driver for Marvell PATA"
Previous message: Valdis . Kletnieks: "Re: kexec / kdump kernel panic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]