> The SUID program klock shipped with KDE 1.0 attempts to execute > kblankscrn.kss in the same directory as it. If kblankscrn.kss cannot > be executed (missing or mode -x) then klock will search the current > user's $PATH for any executable with the same name and execute it as > ROOT. If no executable is found in the current path it gives this > message: How does klock know which directory it is itself in? As far as I know, there is no secure way for a program to find out where its own executable is located, therefore it should also be able to convince it to execute a trojan kblankscrn.kss without having to move anything? -Phil
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:45 PDT