'[Full-Disclosure] Re: [Security] [vendor-sec] Linux 2.4.x execve() file read race vulnerability'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-Disclosure] Re: [Security] [vendor-sec] Linux 2.4.x execve() file read race	vulnerability
From:       Crispin Cowan <crispin () immunix ! com>
Date:       2003-06-27 22:29:27
[Download RAW message or body]

NC Agent wrote:

> Hi people,
>
> again it is time to discover a funny bug inside the Linux execve() 
> system call.
> ...
> Obviously the setuid binary has been duplicated :-) (but with no 
> setuid flag of course). 

You mean there are actually still people who believe that granting x 
permission but not r permission actually prevents people from reading 
the file? I mean besides the crowd that believes in Santa Clause, the 
Easter Bunny, and Jesus :) I expect there to be a large number of ways 
to do this. This particular hack is cute, though :)

Crispin, equal opportunity offender :)

-- 
Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
Chief Scientist, Immunix       http://immunix.com
            http://www.immunix.com/shop/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic