On Thu, Oct 08, 1998 at 12:08:13AM -0500, onix wrote:
> Possible security risk in setuid zgv 4.1 which may lead to local root
> compromise. zgv is installed setuid root by default.
--snip--

i found this overrun some months ago and even tried to exploit it...
all i got was a shell with MY uid... then i posted it to the security
auditing mailing list and Alan Cox pointed out that vga_init() drops
root privileges.. all you can gain from this overrun is video display
access.

for the whole thread check out the secau mailing list archives at
http://science.nas.nasa.gov/Pubs/Mail/archive/linux-security-audit/
or http://www2.merton.ox.ac.uk/~security/

bye,
paul

PS: you can also overflow zgv using an overlong HOME environment variable.

--
.----------------------------------------------------------------------.
| mail: pbat_private :: url: http://paul.boehm.org |
| irc: infected :: pgp: finger pbat_private | pgp -fka |
\.....Linux is like a wigwam - no windows, no gates, apache inside..../
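The two defensive points raised in the message above, as an added example that is not code from zgv, svgalib or the original post: a setuid program permanently dropping its privileges before it handles untrusted input, and a length-checked copy of a value such as HOME. The function names `drop_privileges` and `copy_path` and the 256-byte buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently give up setuid/setgid privileges once
 * privileged setup is finished. Returns 0 on success, -1 on failure. */
int drop_privileges(void)
{
    uid_t ruid = getuid();   /* the invoking user */
    gid_t rgid = getgid();

    /* Group first: after setuid() we may no longer be allowed to change it. */
    if (setgid(rgid) != 0) return -1;
    if (setuid(ruid) != 0) return -1;

    /* For a non-root invoker, regaining root must now be impossible. */
    if (ruid != 0 && setuid(0) == 0) return -1;
    if (geteuid() != ruid || getegid() != rgid) return -1;
    return 0;
}

/* Hypothetical helper: copy an untrusted string (for example the value of
 * HOME) into a fixed buffer, rejecting overlong input instead of
 * overflowing or silently truncating. Returns 0 on success, -1 otherwise. */
int copy_path(const char *src, char *dst, size_t dstlen)
{
    if (src == NULL || dst == NULL || dstlen == 0) return -1;
    size_t n = strlen(src);
    if (n >= dstlen) return -1;       /* no room for the terminating NUL */
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void)
{
    char home[256];                   /* size chosen for the example */

    if (drop_privileges() != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    if (copy_path(getenv("HOME"), home, sizeof home) != 0) {
        fprintf(stderr, "HOME is unset or too long\n");
        return 1;
    }
    printf("running as uid %ld with HOME=%s\n", (long)geteuid(), home);
    return 0;
}
```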