From djb@cr.yp.to Wed Dec 15 14:23:20 2004
Date: 15 Dec 2004 08:32:41 -0000
From: D. J. Bernstein <djb@cr.yp.to>
To: securesoftware@list.cr.yp.to, user-mode-linux-devel@lists.sourceforge.net
Subject: [local] [kill] uml-utilities 20030903 uml_net slip_down() fails to
    check permissions

Danny Lungstrom, a student in my Fall 2004 UNIX Security Holes course,
has discovered that uml_net, when installed setuid root (as is normal),
allows any local user to type

   ./uml_net 4 slip down eth0

to take down the computer's Ethernet connection. The connection stays
down until the system administrator manually brings it back up. I'm
publishing this notice, but all the discovery credits should be assigned
to Lungstrom.

The underlying bug is that, in slip.c, slip_down() has no idea whether
the user is actually allowed to take down the specified interface.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago
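
The kind of check the message says slip_down() lacks, as an added example (not part of the original message and not uml-utilities code): a setuid-root helper authorizes the requested interface against the caller's real uid before doing anything privileged. The `if_owner` table, `sample_owners`, `ifname_ok()` and `may_take_down()` are hypothetical names, and the ownership records are constructed sample data.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#include <net/if.h>   /* IF_NAMESIZE */

/* Hypothetical record: which real uid brought an interface up via the helper. */
struct if_owner { const char *ifname; uid_t owner; };

/* Constructed sample policy: uid 1000 created sl0, uid 1001 created sl1. */
static const struct if_owner sample_owners[] = {
    { "sl0", 1000 },
    { "sl1", 1001 },
};
#define N_SAMPLE (sizeof sample_owners / sizeof sample_owners[0])

/* Reject missing, empty, over-long, or non-alphanumeric names before lookup. */
static int ifname_ok(const char *name)
{
    size_t len = name ? strlen(name) : 0;
    if (len == 0 || len >= IF_NAMESIZE) return 0;
    for (size_t i = 0; i < len; i++)
        if (!isalnum((unsigned char)name[i])) return 0;
    return 1;
}

/* Return 1 only if the caller's real uid is recorded as owner of ifname. */
int may_take_down(uid_t ruid, const char *ifname,
                  const struct if_owner *tab, size_t n)
{
    if (!ifname_ok(ifname)) return 0;
    for (size_t i = 0; i < n; i++)
        if (strcmp(tab[i].ifname, ifname) == 0)
            return tab[i].owner == ruid;
    return 0;   /* default deny: eth0 and anything else not in the table */
}

int main(int argc, char **argv)
{
    /* In a setuid-root program geteuid() is 0, so authorize on getuid(). */
    if (argc != 2 || !may_take_down(getuid(), argv[1], sample_owners, N_SAMPLE)) {
        fputs("refused\n", stderr);
        return 1;
    }
    /* The privileged "interface down" action would run only past this point. */
    return 0;
}
```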