[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-Disclosure] Re: [Security] [vendor-sec] Linux 2.4.x execve() file read race vulnerability
From: Crispin Cowan <crispin () immunix ! com>
Date: 2003-06-27 22:29:27
[Download RAW message or body]
NC Agent wrote:
> Hi people,
>
> again it is time to discover a funny bug inside the Linux execve()
> system call.
> ...
> Obviously the setuid binary has been duplicated :-) (but with no
> setuid flag of course).
You mean there are actually still people who believe that granting x
permission but not r permission actually prevents people from reading
the file? I mean besides the crowd that believes in Santa Clause, the
Easter Bunny, and Jesus :) I expect there to be a large number of ways
to do this. This particular hack is cute, though :)
Crispin, equal opportunity offender :)
--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
Chief Scientist, Immunix http://immunix.com
http://www.immunix.com/shop/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic