

We all have earned a lightness

3 July 2007 21:50


One of the very few good things about my partner being away to the US for the next six weeks is that I can catch up on watching films which she doesn't like!

Every weekend we go out and spend £10-15 on 2-3 second-hand DVDs from local stores. That gives us something new to watch every week, and is a fun way to spend a day shopping together, in amongst doing other things. This has meant I've watched an awful lot of (awful!) films I'd never have previously considered, but I've also found a few gems I'm glad I got to see.

The down-side is that we don't often watch films we've already got, since we don't have the time to do so.

Anyway tonight is Aliens & Battle Royale..

Source Scanning

A little more progress on that this week: another local root attack, a symlink attack against the Amaya browser and a potential root attack against evms.

The EVMS bug is frustrating because the code is contained in a plugin which appears to never get built. I've tried searching the web for more details, but unfortunately I couldn't find anything.

So in the interest of demonstration here's how you should not write code which runs as root:

        if(system("lsrsrc -axd IBM.PeerNode > /tmp/rsct_node_info") == -1){
                LOG_ERROR("ERROR:get_nodes_info() fails ");

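Why is this bad? Because it uses a static filename, /tmp/rsct_node_info, and that could be a symlink. The shell's > redirection follows symlinks, so a process running as root ends up truncating and writing whatever file the link points to. Consider what happens if a local user were to run: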

skx@vain:~$ ln -s /etc/passwd /tmp/rsct_node_info

The EVMS plugin would happily trash the /etc/passwd file, rendering the system broken...

If this works on other distros that I couldn't spot don't tell anybody; it'll be our little secret ;)
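The safer shape for that call, as an added example that is not code from the original post or from EVMS: create the output file yourself so a pre-existing symlink is never written through. The function names are hypothetical, and `echo node-a` is a constructed stand-in for the lsrsrc command.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed path variant: succeed only if this call creates the file.
 * O_CREAT|O_EXCL fails if anything, including a symlink, already
 * sits at `path`, so a planted link is never written through. */
int open_fresh(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred variant: run `cmd` with stdout sent to a unique file made
 * by mkstemp() (unpredictable name, O_EXCL, mode 0600). `tmpl` must end
 * in "XXXXXX" and receives the real name. Returns the exit status of
 * the command, or -1 on error. */
int run_to_private_tmp(const char *cmd, char *tmpl)
{
    int status, fd = mkstemp(tmpl);
    if (fd == -1)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {                     /* child: stdout -> our fd */
        dup2(fd, STDOUT_FILENO);
        close(fd);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    close(fd);
    if (pid == -1 || waitpid(pid, &status, 0) == -1)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char tmpl[] = "/tmp/rsct_node_info.XXXXXX";  /* prefix mirrors the post */
    int rc = run_to_private_tmp("echo node-a", tmpl);
    if (rc == -1)
        perror("run_to_private_tmp");
    else
        printf("exit status %d, output in %s\n", rc, tmpl);
    unlink(tmpl);
    return rc == 0 ? 0 : 1;
}
```

Where the command's output is only needed in memory, reading it through a pipe avoids the temporary file altogether.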


Today I rebooted, to make sure that purging EVMS hadn't screwed with my initrd - and found errors relating to failure to load "keyboard" driver(s).

Turns out you need to change:

Section "InputDevice"
        Identifier      "Generic Keyboard"
        Driver          "keyboard"
        Option          "CoreKeyboard"

to:

Section "InputDevice"
        Identifier      "Generic Keyboard"
        Driver          "kbd"
        Option          "CoreKeyboard"

That took a fair bit of head-scratching.
