Jörg W Mittag
Joerg.Mittag at Web.De
Wed Jan 7 03:50:36 PST 2004
Ian Molton wrote:
> On Wed, 7 Jan 2004 02:42:22 +0100 Jörg W Mittag <Joerg.Mittag at Web.De>
>> *and if* he's able to trigger some action which loads this module - that
>> is a lot of ifs.
> and if he can place the modules somewhere the kernel will look for it -
> which probably requires root...
This is only needed if the attacker wants to insert his own module into the
kernel. In the third paragraph I was referring to a hypothetical security
flaw in the module handling code (both in-kernel and
modutils/module-init-tools) itself. To exploit this the attacker only needs
to "convince" the kernel to load *any* module. I think this is what the
ptrace() exploit did, although I never actually understood it. /me should
really start learning C ...
gtkmm-1.2.10% ./configure --help
--enable-voodoo Use Voodoo Fried Chicken spell to compile Gtk-- (use
this only when everything else fails)
More information about the hlfs-dev