[ILUG] (no subject)
Mark McLoughlin
mark at skynet.ie
Mon Nov 20 13:16:45 GMT 2000
On Mon, 20 Nov 2000, John P . Looney wrote:
> Have a look at:
> http://www.lwn.net/2000/1116/kernel.php3
>
> Does anyone know how serious this bug is ? I couldn't get the exploit to
> work - I'm thinking it's an older version of modutils or something.
>
> Kate
>
A couple of things about this...
- Do you not need to be root to use ping -I in the first place, well
  by that I mean you have to have CAP_NET_RAW capability (and that
  includes raw sockets)? See sock_setsockopt in net/core/sock.c:

    #ifdef CONFIG_NETDEVICES
            case SO_BINDTODEVICE:
            {
                    char devname[IFNAMSIZ];

                    /* Sorry... */
                    if (!capable(CAP_NET_RAW))
                            return -EPERM;

- setsockopt SO_BINDTODEVICE doesn't even seem to try and load the
  module for the device (in 2.2.17 anyway)....

                    if (devname[0] == '\0') {
                            sk->bound_dev_if = 0;
                    } else {
                            struct device *dev = dev_get(devname);
                            if (!dev)
                                    return -EINVAL;
                            sk->bound_dev_if = dev->ifindex;
                    }

  where dev_get just loops through to find the device:

            for (dev = dev_base; dev != NULL; dev = dev->next) {
                    if (strcmp(dev->name, name) == 0)
                            return(dev);
            }

Am I missing something here, just how does ping -I'blah de blah'
end up giving you modprobe 'blah de blah'?
Good Luck,
Mark