Juergen Quade writes:
> On Sun, Nov 27, 2005 at 12:57:47PM -0600, Mohamed El Dawy wrote:
> > Hi,
> > I have created this 5-liner system call, which basically opens a
> > file, write "Hello World" to it, and then returns. That's all.
> >
> > Now, when I actually call it, it creates the file successfully but
> > writes nothing to it. The file is created and is only zero bytes. So,
> > either write didn't write, or close didn't close. Any help would be
> > greatly appreciated.
> > ...
>
> The following (module-) code will create and write a file from
> inside a kernel. Ok -- you know -- you should not use it
> without really good reasons ...
>
> Juergen.
>
> #include <linux/module.h>
> #include <linux/moduleparam.h>
> #include <linux/fs.h>
> #include <asm/uaccess.h>
>
> static char filename[255];
> module_param_string( filename, filename, sizeof(filename), 666 );
> struct file *log_file;
>
> static int __init mod_init(void)
> {
> mm_segment_t oldfs;
>
> if( filename[0]=='\0' )
> strncpy( filename, "/tmp/kernel_file", sizeof(filename) );
> printk("opening filename: %s\n", filename);
> log_file = filp_open( filename, O_WRONLY | O_CREAT, 0644 );
> printk("log_file: %p\n", log_file );
> if( IS_ERR( log_file ) )
> return -EIO;
This code is trivially exploitable: /tmp is usually a world-writable
directory, and everybody can do
$ ln -s /etc/shadow /tmp/kernel_file
or even
$ ln /etc/shadow /tmp/kernel_file
provided that /tmp and /etc are on the same file system.
Please do not use it.
Nikita.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
