diff -Nur modutils-2.3.20/ChangeLog modutils-2.3.21/ChangeLog --- modutils-2.3.20/ChangeLog Thu Nov 16 11:40:09 2000 +++ modutils-2.3.21/ChangeLog Wed Nov 22 22:05:39 2000 @@ -1,3 +1,12 @@ +2000-11-21 Keith Owens + + modutils 2.3.21 + + * Remove compile warnings in xstrcat. + * snprintf cleanups. + * Set safemode when uid != euid. + * Strip quotes from shell responses. + 2000-11-16 Keith Owens modutils 2.3.20 diff -Nur modutils-2.3.20/genksyms/lex.l modutils-2.3.21/genksyms/lex.l --- modutils-2.3.20/genksyms/lex.l Fri Apr 14 11:59:15 2000 +++ modutils-2.3.21/genksyms/lex.l Tue Nov 21 19:38:04 2000 @@ -22,7 +22,7 @@ %{ -#ident "$Id: lex.l 1.2 Fri, 14 Apr 2000 11:59:15 +1000 kaos $" +#ident "$Id: lex.l 1.3 Tue, 21 Nov 2000 19:38:04 +1100 kaos $" #include #include @@ -184,7 +184,7 @@ if (dot) *dot = '\0'; f = (f ? f+1 : file); - snprintf(buffer, 1024, "%s/%s.ver", output_directory, f); + snprintf(buffer, sizeof(buffer), "%s/%s.ver", output_directory, f); if ((outfile = fopen(buffer, "w")) == NULL) { diff -Nur modutils-2.3.20/include/module.h modutils-2.3.21/include/module.h --- modutils-2.3.20/include/module.h Thu Nov 16 11:40:09 2000 +++ modutils-2.3.21/include/module.h Wed Nov 22 22:05:39 2000 @@ -23,7 +23,7 @@ #ifndef MODUTILS_MODULE_H #define MODUTILS_MODULE_H 1 -#ident "$Id: module.h 1.5.1.3 Thu, 16 Nov 2000 11:40:09 +1100 kaos $" +#ident "$Id: module.h 1.5.1.4 Wed, 22 Nov 2000 22:05:39 +1100 kaos $" /* This file contains the structures used by the 2.0 and 2.1 kernels. We do not use the kernel headers directly because we do not wish @@ -207,6 +207,6 @@ /* In safe mode the last parameter is forced to be a module name and meta * expansion is not allowed on that name. */ -extern unsigned long safemode; +extern unsigned int safemode; #endif /* module.h */ diff -Nur modutils-2.3.20/include/version.h modutils-2.3.21/include/version.h --- modutils-2.3.20/include/version.h Sun Oct 22 20:18:08 2000 +++ modutils-2.3.21/include/version.h Mon Nov 20 15:45:27 2000 @@ -1 +1 @@ -#define MODUTILS_VERSION "2.3.20" +#define MODUTILS_VERSION "2.3.21" diff -Nur modutils-2.3.20/insmod/modprobe.c modutils-2.3.21/insmod/modprobe.c --- modutils-2.3.20/insmod/modprobe.c Thu Nov 16 10:09:34 2000 +++ modutils-2.3.21/insmod/modprobe.c Tue Nov 21 20:10:54 2000 @@ -1502,7 +1502,7 @@ * then assume modprobe was invoked from kmod and default to safemode, * this should handle existing 2.2 and 2.4 kernels. * - * If MOD_SAFEMODE=1 is present then use safe mode. + * If euid != uid then use safe mode. * * Otherwise assume that we are invoked by a real user, use unsafe * mode with their authority. @@ -1516,21 +1516,13 @@ continue; if (strcmp(*env, "TERM=linux") == 0) continue; - if (strcmp(*env, "PATH=sbin:/usr/sbin:/bin:/usr/bin") == 0) + if (strcmp(*env, "PATH=/sbin:/usr/sbin:/bin:/usr/bin") == 0) continue; safemode = 0; break; } - if (!safemode) { - char *p = getenv("MOD_SAFEMODE"); - if (p) { - safemode = strtoul(p, &p, 0); - if (*p) { - error("Invalid number in MOD_SAFEMODE=%s", getenv("MOD_SAFEMODE")); - exit(1); - } - } - } + if (!safemode && getuid() != geteuid()) + safemode = 1; if (safemode) --argc; /* Do not scan last parameter in getopt */ diff -Nur modutils-2.3.20/man/modprobe.8 modutils-2.3.21/man/modprobe.8 --- modutils-2.3.20/man/modprobe.8 Thu Nov 16 09:29:06 2000 +++ modutils-2.3.21/man/modprobe.8 Tue Nov 21 20:10:54 2000 @@ -2,7 +2,7 @@ .\" Copyright (c) 1995, 1999 Bjorn Ekwall (bj0rn@blox.se) .\" This program is distributed according to the Gnu General Public License. .\" See the file COPYING in the base distribution directory -.\" $Id: modprobe.8 1.8 Thu, 16 Nov 2000 09:29:06 +1100 kaos $ +.\" $Id: modprobe.8 1.9 Tue, 21 Nov 2000 20:10:54 +1100 kaos $ .\" .TH MODPROBE 8 "March 15, 1999" Linux "Linux Module Support" .SH NAME @@ -248,20 +248,20 @@ rmmod(8), modules(2) .SH SAFE MODE -If environment variable MOD_SAFEMODE is set to a non-zero value then -modprobe treats its input with extreme suspicion. The last parameter -is always treated as a module name, even if it starts with '-'. There -can only be one module name and options of the form "variable=value" -are forbidden. The module name is always treated as a string, no meta -expansion is performed in safe mode. However meta expansion is still -applied to data read from the config file. -.PP -MOD_SAFEMODE=1 should be set when modprobe is invoked from the kernel. In -an ideal world modprobe could trust the kernel to only pass valid -parameters to modprobe. However at least one local root exploit has -occurred because high level kernel code passed unverified parameters -direct from the user to modprobe. So modprobe no longer trusts kernel -input. +If the effective uid is not equal to the real uid then modprobe treats +its input with extreme suspicion. The last parameter is always treated +as a module name, even if it starts with '-'. There can only be one +module name and options of the form "variable=value" are forbidden. +The module name is always treated as a string, no meta expansion is +performed in safe mode. However meta expansion is still applied to +data read from the config file. +.PP +euid may not be equal to uid when modprobe is invoked from the kernel, +this is true for kernels >= 2.4.0-test11. In an ideal world modprobe +could trust the kernel to only pass valid parameters to modprobe. +However at least one local root exploit has occurred because high level +kernel code passed unverified parameters direct from the user to +modprobe. So modprobe no longer trusts kernel input. .PP .ne 8 .B modprobe @@ -273,7 +273,8 @@ PATH=/sbin:/usr/sbin:/bin:/usr/bin .fi This detects modprobe execution from the kernel on kernels 2.2 though -2.4.0-test11. +2.4.0-test11, even if uid == euid, which it does on the earlier +kernels. .SH REQUIRED UTILITIES depmod(8), insmod(8) diff -Nur modutils-2.3.20/modutils.spec modutils-2.3.21/modutils.spec --- modutils-2.3.20/modutils.spec Sun Oct 22 20:18:08 2000 +++ modutils-2.3.21/modutils.spec Mon Nov 20 15:45:27 2000 @@ -1,6 +1,6 @@ Summary: Module utilities Name: modutils -Version: 2.3.20 +Version: 2.3.21 Release: 1 Copyright: GPL Group: Utilities/System diff -Nur modutils-2.3.20/util/config.c modutils-2.3.21/util/config.c --- modutils-2.3.20/util/config.c Thu Nov 16 09:29:06 2000 +++ modutils-2.3.21/util/config.c Tue Nov 21 19:38:04 2000 @@ -745,7 +745,7 @@ char **type; for (type = tbtype; *type; ++type) { - char path[100]; + char path[PATH_MAX]; snprintf(path, sizeof(path), "%s%s/%s", base_dir, *pathp, *type); if (meta_expand(path, &g, NULL, version, ME_ALL)) diff -Nur modutils-2.3.20/util/meta_expand.c modutils-2.3.21/util/meta_expand.c --- modutils-2.3.20/util/meta_expand.c Thu Nov 16 09:29:06 2000 +++ modutils-2.3.21/util/meta_expand.c Wed Nov 22 22:05:39 2000 @@ -161,6 +161,7 @@ char *line = NULL; char *p, *p1; char tmpline[PATH_MAX + 1]; + char wrk[sizeof(tmpline)]; char tmpcmd[2*sizeof(tmpline)+20]; /* room for /bin/echo "text" */ g->pathc = 0; @@ -172,7 +173,6 @@ */ if ((p = strchr(pt, '`')) != NULL && (type & ME_BUILTIN_COMMAND)) { do { - char wrk[sizeof(tmpline)]; char *s; for (s = p + 1; isspace(*s); ++s) @@ -226,7 +226,8 @@ * No meta-chars. * Split into words, delimited by whitespace. */ - snprintf(tmpline, sizeof(tmpline), "%s%s", (base_dir ? base_dir : ""), pt); + snprintf(wrk, sizeof(wrk), "%s%s", (base_dir ? base_dir : ""), pt); + strcpy(tmpline, wrk); /* safe, same size */ if ((p = strtok(tmpline, " \t\n")) != NULL) { while (p) { g->pathv = (char **)xrealloc(g->pathv, @@ -293,7 +294,8 @@ */ if (!(type & ME_SHELL_COMMAND)) return 0; - snprintf(tmpline, sizeof(tmpline), "%s%s", (base_dir ? base_dir : ""), pt); + snprintf(wrk, sizeof(wrk), "%s%s", (base_dir ? base_dir : ""), pt); + strcpy(tmpline, wrk); /* safe, same size */ snprintf(tmpcmd, sizeof(tmpcmd), "/bin/echo \""); for (p = tmpline, p1 = tmpcmd + strlen(tmpcmd); *p; ++p, ++p1) { if (*p == '"' || *p == '\\') @@ -326,10 +328,10 @@ pclose(fin); if (line) { - /* Ignore result if no expansion occurred */ - xstrcat(tmpline, "\n", sizeof(tmpline)); - if (strcmp(tmpline, line)) - split_line(g, line, 0); + /* shell used to strip one set of quotes. Paranoia code in + * 2.3.20 stops that strip so we do it ourselves. + */ + split_line(g, line, 1); free(line); } diff -Nur modutils-2.3.20/util/xstrcat.c modutils-2.3.21/util/xstrcat.c --- modutils-2.3.20/util/xstrcat.c Thu Nov 16 09:29:06 2000 +++ modutils-2.3.21/util/xstrcat.c Mon Nov 20 15:46:22 2000 @@ -20,6 +20,8 @@ #ident "$Id" #include +#include +#include #include "util.h"