[SECURITY] Simpleinit root exploit

Matthias Benkmann matthias at winterdrache.de
Sun May 26 13:24:34 PDT 2002


On Sun, 26 May 2002 14:52:16 -0400 Gerard Beekmans
<gerard at linuxfromscratch.org> wrote:

> On Sun, May 26, 2002 at 07:37:12PM +0200, Matthias Benkmann wrote:
> > Workaround:
> > Do not start xdm or other programs that interact with untrusted users
> > from the bootprog, finalprog and ctrlaltdel programs and programs
> > started by these programs.
> 
> So instead just create a normal bootscript to launch xdm I take it?

No, maybe this was badly phrased but I meant the term "program" to include
boot scripts. Whatever code is executed as bootprog or by code run as
bootprog is vulnerable, regardless of whether it's an ELF binary, a Perl
script, a shell script or whatever. So the workaround is to be read as
"Do not start *anything* that interacts with untrusted users directly or
indirectly as bootprog/finalprog/ctrlaltdel". 

The only thing that is safe are the ttylines that usually start the
gettys. Of course the best thing is to just install the new fixed
simpleinit-msb.

MSB

-- 
I used to have an open mind but my brains kept falling out.

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list