Local root exploit with kmod and modutils > 2.1.121 | Linux Today

Local root exploit with kmod and modutils > 2.1.121

Written By
Web Webster
Web Webster
Nov 14, 2000
Date: Mon, 13 Nov 2000 21:57:08 +1100
From: Keith Owens <kaos@ocs.com.au>
To: linux-kernel@vger.kernel.org
Subject: Local root exploit with kmod and modutils > 2.1.121

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Content-Type: text/plain; charset=us-ascii

A local root exploit has been found using kernels compiled with kmod
and modutils > 2.1.121.  Kernels without kmod and systems using
modutils 2.1.121 are not affected.

Patch against modutils 2.3.19, it should fit any 2.3 modutils.

Index: 19.7/util/meta_expand.c
- --- 19.7/util/meta_expand.c Sun, 10 Sep 2000 12:56:40 +1100 kaos (modutils-2.3/10_meta_expan 1.4 644)
+++ 19.7(w)/util/meta_expand.c Mon, 13 Nov 2000 21:19:41 +1100 kaos (modutils-2.3/10_meta_expan 1.4 644)
@@ -156,12 +156,8 @@ static int glob_it(char *pt, GLOB_LIST *
  */
 int meta_expand(char *pt, GLOB_LIST *g, char *base_dir, char *version)
 {
- -     FILE *fin;
- -     int len = 0;
- -     char *line = NULL;
        char *p;
        char tmpline[PATH_MAX + 1];
- -     char tmpcmd[PATH_MAX + 11];

        g->pathc = 0;
        g->pathv = NULL;
@@ -277,38 +273,6 @@ int meta_expand(char *pt, GLOB_LIST *g,
                /* Only "=" remaining, should be module options */
                split_line(g, pt, 0);
                return 0;
- -     }
- -
- -     /*
- -      * Last resort: Use "echo"
- -      */
- -     sprintf(tmpline, "%s%s", (base_dir ? base_dir : ""), pt);
- -     sprintf(tmpcmd, "/bin/echo %s", tmpline);
- -     if ((fin = popen(tmpcmd, "r")) == NULL) {
- -             error("Can't execute: %s", tmpcmd);
- -             return -1;
- -     }
- -     /* else */
- -
- -     /*
- -      * Collect the result
- -      */
- -     while (fgets(tmpcmd, PATH_MAX, fin) != NULL) {
- -             int l = strlen(tmpcmd);
- -
- -             line = (char *)xrealloc(line, len + l + 1);
- -             line[len] = '';
- -             strcat(line + len, tmpcmd);
- -             len += l;
- -     }
- -     pclose(fin);
- -
- -     if (line) {
- -             /* Ignore result if no expansion occurred */
- -             strcat(tmpline, "n");
- -             if (strcmp(tmpline, line))
- -                     split_line(g, line, 0);
- -             free(line);
        }

        return 0;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: Exmh version 2.1.1 10/15/1999

iD8DBQE6D8kEi4UHNye0ZOoRAmVTAKCktbi9DI5t0sj8wd1/vjLtgwVW6QCgnO0L
mVbPskoIGSSyTE8I9K7FcAg=
=Z1/L
-----END PGP SIGNATURE-----
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.