by andikleen2
2041 days ago
Seems trivial to exploit the kernel module:

    struct network_activity * activity = NLMSG_DATA(nlh);
    <untrusted data from the netlink socket>
    append_rule(activity->process_path, (activity->allowed == 1));
    ...
    append_rule:
    // Don't do anything if the process_path length is > PATH_LENGTH
    if (strlen(process_path) > PATH_LENGTH)
        return;

But nobody enforces that process_path has a terminating 0 byte, so likely it can be abused for all kinds of attacks on the kernel. Better not to run it anywhere you care about security. I found this from about 2 minutes of code reading, so likely there wasn't any code audit done, ever.
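The defect the comment points at is a bounds check done with strlen() on a buffer the sender controls, which reads past the field when no terminating byte is present. The user-space C below is an added illustration, not code from the module or from the commenter: it assumes a hypothetical fixed-size message layout (a PATH_LENGTH-byte process_path followed by an allowed flag) and shows the two checks a receiver needs before using the path, that the payload is at least as large as the struct it is cast to, and that the path terminates inside its field, using strnlen() so the scan can never leave the buffer.

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the message layout (assumption, not the module's
 * real definition): fixed-size path field followed by an "allowed" flag. */
#define PATH_LENGTH 64

struct network_activity {
    char process_path[PATH_LENGTH];
    uint32_t allowed;
};

enum path_check {
    PATH_OK = 0,
    PATH_SHORT_MSG = 1,     /* payload smaller than the struct it is cast to */
    PATH_UNTERMINATED = 2   /* no NUL byte anywhere inside process_path */
};

/* Validate a received payload before any code touches activity->process_path.
 * payload_len is the length the transport reports for the payload (for netlink,
 * nlmsg_len minus the header), never a value taken from inside the payload. */
enum path_check check_activity(const void *payload, size_t payload_len)
{
    const struct network_activity *a = payload;

    /* 1. The message must actually contain a whole struct, otherwise the
     *    field reads below would run off the end of the received bytes. */
    if (payload_len < sizeof(*a))
        return PATH_SHORT_MSG;

    /* 2. strnlen() stops at the field boundary; if it returns the full field
     *    size there was no terminator and strlen() would have kept reading. */
    size_t n = strnlen(a->process_path, sizeof(a->process_path));
    if (n == sizeof(a->process_path))
        return PATH_UNTERMINATED;

    return PATH_OK;
}

/* Copy a validated path into a rule buffer with an explicit bound, so the
 * destination is always NUL-terminated regardless of the source contents. */
size_t copy_process_path(char *dst, size_t dst_len, const struct network_activity *a)
{
    size_t n = strnlen(a->process_path, sizeof(a->process_path));
    if (n >= dst_len)
        n = dst_len - 1;
    memcpy(dst, a->process_path, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample messages: one well-formed, one with no terminator. */
    struct network_activity good;
    memset(&good, 0, sizeof good);
    memcpy(good.process_path, "/usr/bin/curl", sizeof "/usr/bin/curl");
    good.allowed = 1;

    struct network_activity bad;
    memset(&bad, 'A', sizeof bad);   /* 64 x 'A', no NUL anywhere */

    printf("well-formed : %d\n", check_activity(&good, sizeof good));
    printf("unterminated: %d\n", check_activity(&bad, sizeof bad));
    printf("truncated   : %d\n", check_activity(&good, sizeof good - 1));

    char rule[PATH_LENGTH];
    copy_process_path(rule, sizeof rule, &good);
    printf("rule path   : %s\n", rule);
    return 0;
}
```

The point of the two-step check is that the length a receiver trusts must come from the transport (here the parameter standing in for the netlink header length), and the string scan must be bounded by the field size, not by where a NUL happens to appear.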