[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Linux kernel source archive vulnerable

To: Hadmut Danisch <hadmut@xxxxxxxxxx>
Subject: Re: [Full-disclosure] Linux kernel source archive vulnerable
From: Lee Ball <lee@xxxxxxxxxxxxxxxxxx>
Date: Fri, 08 Sep 2006 11:44:02 +0100

Hadmut Danisch wrote:
> On Fri, Sep 08, 2006 at 12:52:22AM +0530, Raj Mathur wrote:
>> I wouldn't know if something has changed drastically between 2.6.16
>> and 2.6.17.11, but:
>>
>> raju@mail:~$ find /usr/src/linux-2.6.16/ -perm -666 ! -type l
>> raju@mail:~$
>>
>> Not a single world-writable file or directory.  Perhaps pre-release
>> kernel tarballs are more lax?
> 
> 
> On my machine (I also have a 2.6.16):
> 
> # find /usr/src/linux-2.6.16/ -perm -666 ! -type l | wc -l
> 20434
> 
> Just to doublecheck I wrote a script which parses the kernel tar:
> 
> pax_global_header                                                             
>  52 b mode=666 uid=    0 gid=    0
> linux-2.6.17.11/                                                              
>   0 b mode=777 uid=    0 gid=    0
> linux-2.6.17.11/.gitignore                                                    
> 462 b mode=666 uid=    0 gid=    0
> linux-2.6.17.11/COPYING                                                     
> 18693 b mode=666 uid=    0 gid=    0
> linux-2.6.17.11/CREDITS                                                     
> 89536 b mode=666 uid=    0 gid=    0
> linux-2.6.17.11/Documentation/                                                
>   0 b mode=777 uid=    0 gid=    0
> linux-2.6.17.11/Documentation/00-INDEX                                      
> 10581 b mode=666 uid=    0 gid=    0
> linux-2.6.17.11/Documentation/BUG-HUNTING                                    
> 7249 b mode=666 uid=    0 gid=    0
> linux-2.6.17.11/Documentation/Changes                                       
> 11655 b mode=666 uid=    0 gid=    0
> linux-2.6.17.11/Documentation/CodingStyle                                   
> 17843 b mode=666 uid=    0 gid=    0
> linux-2.6.17.11/Documentation/DMA-API.txt                                   
> 21291 b mode=666 uid=    0 gid=    0
> linux-2.6.17.11/Documentation/DMA-ISA-LPC.txt                                
> 5332 b mode=666 uid=    0 gid=    0
> linux-2.6.17.11/Documentation/DMA-mapping.txt                               
> 32801 b mode=666 uid=    0 gid=    0
> linux-2.6.17.11/Documentation/DocBook/                                        
>   0 b mode=777 uid=    0 gid=    0
> linux-2.6.17.11/Documentation/DocBook/.gitignore                              
>  35 b mode=666 uid=    0 gid=    0
> ...
> 
> 
> A friend of mine confirmed to also have world writable dirs and files.
> 
> regards
> Hadmut

Sorry to add my 2 pence worth but I noticed that Raj ran his command as
a normal user and you Hadmut have ran yours as root. Isn't it going to
be ok as the directories above these world writeable files aren't
writeable/readable by a non-superuser?

Cheers

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Linux kernel source archive vulnerable
  - From: Hadmut Danisch

References:
- [Full-disclosure] Linux kernel source archive vulnerable
  - From: Hadmut Danisch
- Re: [Full-disclosure] Linux kernel source archive vulnerable
  - From: Raj Mathur
- Re: [Full-disclosure] Linux kernel source archive vulnerable
  - From: Hadmut Danisch

Prev by Date: Re: [Full-disclosure] Linux kernel source archive vulnerable
Next by Date: [Full-disclosure] SECURITY.NNOV: Panda Platinum Internet Security
Previous by thread: Re: [Full-disclosure] Linux kernel source archive vulnerable
Next by thread: Re: [Full-disclosure] Linux kernel source archive vulnerable
Index(es):
- Date
- Thread