List:       oss-security
Subject:    [oss-security] atd (was: Re: [oss-security] Re: Healing the bash fork)
From:       Seth Arnold <seth.arnold () canonical ! com>
Date:       2014-09-29 20:06:34
Message-ID: 20140929200634.GA31580 () hunt


On Mon, Sep 29, 2014 at 09:59:47AM -0600, Eric Blake wrote:
> So even on Debian, where /bin/sh is dash, this script attempts to
> execute the file named /tmp/exploit=me, possibly under the privileges of
> 'at' rather than as the user that created the file.  No bash needed.

Where does 'at' use the privileges of the at daemon when executing
scripts?

With just a quick check of the atd sources it looks like privileges are
properly changed before executing the script:

http://sources.debian.net/src/at/3.1.15-1/atd.c/#L380

Thanks
