Try echo "gotcha" > /etc/passwd
It will fail.
Because you don't have root - it just *looks* like it.
The "malicious" code is:
#include <stdio.h>
#include <stdlib.h>
int getuid() { return(0); }
int geteuid() { return(0); }
int getgid() { return(0); }
int getegid() { return(0); }
int getgroups(int size, int list[]) { list = (int *)malloc(sizeof(int)); return(1); }
The script spawns a new bash using LD_PRELOAD to override the glibc functions
with the above ones.
This does not compromise kernel security in any way what so ever. Not even
close. You *may* be able to trick a naive user, but he won't be able to do
anything bad, because he is not root. Even though he may think he is. And
even though bash may think it is.
> I was stunned, and it seem that is the beginning of a Linux Code Red
> lookalike worm :(((( using that exploit, probably this is not the most
> apropriate place to send this, but I'm not subscribed to the glibc
> mailing list and I just hope that some glibc hackers are on linux kernel
> list also and they see that and do something before we join the ranks of
> M$.
>
> Dead worried,
Don't worry.
>
> Mircea C.
>
> P.S. Please tell me that I'm just being parnoid and that crap didn't
> work on your systems with a lookalike configuration.
You're just being paranoid and that crap didn't work on your system either :)
--
................................................................
: jakob@unthought.net : And I see the elder races, :
:.........................: putrid forms of man :
: Jakob Østergaard : See him rise and claim the earth, :
: OZ9ABN : his downfall is at hand. :
:.........................:............{Konkhra}...............:
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/