Bugtraq mailing list archives

By Date

By Thread

Re: load.root (loadmodule hole)

Brad Powell <Brad.Powell () Eng Sun COM> writes:

loadmodule also gets called when you "load modules" such as
PC NFS, or SunPC, or WABI, ect.. it also gets called by applications
such as printer software packages to load their device driver.

I't a useful utility but _very_ insecure.
Its replaced in solaris 2.X

Err, are we talking about /usr/openwin/bin/loadmodule under SunOS 4.x?
Loading WABI modules? Etc?

Are you sure you're not confusing this with /usr/kvm/modload, a
non-setuid program which loads modules into kernel, and which is invoked
by the (setuid) loadmodule program?


Dave.

* David Mitchell, Systems Administrator,    email: D.Mitchell () dcs shef ac uk
* Dept. Computer Science, Sheffield Uni.    phone: +44 114-282-5573
* 211 Portobello St, Sheffield S1 4DP, UK.  fax:   +44 114-278-0972
*
* Standards (n). Battle insignia or tribal totems
*
* >>>> Support Randal Schwartz! email fund () stonehenge com for info <<<<<

By Date

By Thread

Current thread:

• Re: load.root (loadmodule hole), (continued)
• • Re: load.root (loadmodule hole) Urban (Sep 15)
    • Re: load.root (loadmodule hole) Fred Blonder (Sep 15)
      • Re: load.root (loadmodule hole) Pat The Friendly RedNeck (Sep 15)
    • Re: load.root (loadmodule hole) Urban (Sep 18)
    • INN1.4sec on Linux Olaf Kirch (Sep 18)
      • Re: INN1.4sec on Linux Dave Barr (Sep 25)
  • Re: load.root (loadmodule hole) Brad Powell (Sep 15)
    • Re: load.root (loadmodule hole) Karl Strickland (Sep 17)
    • Re: load.root (loadmodule hole) Casper Dik (Sep 26)
  • Re: load.root (loadmodule hole) Brad Powell (Sep 16)
  • Re: load.root (loadmodule hole) Dave Mitchell (Sep 18)