Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 11 Mar 2011 17:36:51 +0300
From: Vasiliy Kulikov <segoon@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: kernel: CAP_SYS_MODULE bypass via
 CAP_NET_ADMIN

On Thu, Feb 24, 2011 at 15:54 -0800, Kees Cook wrote:
> "ifconfig $module" will load any module as long as the process
> has CAP_NET_ADMIN (ignoring CAP_SYS_MODULE)."

This was fixed in 8909c9ad8ff:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8909c9ad8ff03611c9c96c9a92656213e4bb495b

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.