Re: Tracing by uid u after root does setuid(u)

From: Gene Spafford (spafat_private)
Date: Wed Jan 13 1999 - 18:35:21 PST

    Isn't this a bit of a stretch?
    
    > Many programs that use setuid() can be exploited this way. For example,
    > you lose all security if you use the chdir()/setuid() mechanism
    > suggested by Steve Bellovin and Gene Spafford.
    
    *All* security?  Maybe I'm particularly dense this evening, but I
    don't see how tracing execution causes you to lose "all security"
    unless you are defining that term very differently from the way I do.
    
    --spaf
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:48 PDT