On Tue, 03 Oct 2006 14:59:54 PDT, Stephen Hemminger said: > I looked at it, basically his argument which is all flowered up in pretty > pictures and security vulnerability language is: > > If root loads a buggy module then the module can be used to compromise > the system. > > Well isn't that surprising. Big yawner. Now if the claim had been that a properly buggy module, inserted under a certain set of circumstances, got onto the binfmt list *even when the process loading it wasn't root*, now *that* would be an exploit....
Attachment:
pgp4by8D8zUqD.pgp
Description: PGP signature
- References:
- Fwd: Registration Weakness in Linux Kernel's Binary formats
- From: "Bráulio Oliveira" <[email protected]>
- Re: Registration Weakness in Linux Kernel's Binary formats
- From: Kyle Moffett <[email protected]>
- Re: Registration Weakness in Linux Kernel's Binary formats
- From: Stephen Hemminger <[email protected]>
- Fwd: Registration Weakness in Linux Kernel's Binary formats
- Prev by Date: Re: [PATCH take2 1/5] dio: centralize completion in dio_complete()
- Next by Date: Re: Registration Weakness in Linux Kernel's Binary formats
- Previous by thread: Re: Registration Weakness in Linux Kernel's Binary formats
- Next by thread: Re: Fwd: Registration Weakness in Linux Kernel's Binary formats
- Index(es):
 |