Hi Jan-Hendrik, That's the behaviour I would expect from xmonisdn. A setuid binary shouldn't dump core if it's being executed by a user which doesn't match the ownership of the binary. Therefore I think there are two problems: 1) (small) bug in xmonisdn 2) a bug in my Linux system. The problem appeared on my desktop system (RedHat kernel 2.2.5-15), but I couldn't reproduce it on one of my other Linux systems (using kernels 2.0.36 and 2.2.12-OpenWall). -- Ron van Daal | Syntonic Internet | tel. +31(0)46-4230738 ronvdaalat_private | www.syntonic.net | fax. +31(0)46-4230739 On Wed, 20 Oct 1999, Jan-Hendrik Terstegge wrote: > On Tue, 19 Oct 1999 Ron wrote: > > While playing with xmonisdn (included in the isdn4k-utils package), > > I discovered a little bug. I didn't find anything regarding xmonisdn > > in the Bugtraq archives, so here's a quick post. > > I'm wondering if other xmonisdn users can reproduce this exploit. > > (Tested on my workstation, which is running Red Hat Linux 6.0) > >[... exploit ...] > I tried the exploit on my workstations, running SuSE Linux 6.1 and 6.2 but it > seems as if it was an only RedHat Linux exploit. > This was my try to exploit myself. When I make the 'killall -8 xmonisdn' my > xmonisdn dies only with an Floating exception but it doesn't dump a core. > > ---snip--- > [pts/0@tatooine] /usr/bin > pwd; ls -al xmonisdn > /usr/bin > -rwsr-xr-x 1 root root 15340 Jul 23 01:20 xmonisdn > [pts/0@tatooine] /usr/bin > xmonisdn -file /etc/shadow > > [1] + Stopped xmonisdn -file /etc/shadow > [pts/0@tatooine] /usr/bin > bg > [1] xmonisdn -file /etc/shadow & > [pts/0@tatooine] /usr/bin > killall -8 xmonisdn > [1] Floating exception xmonisdn -file /etc/shadow > [pts/0@tatooine] /usr/bin > strings core |less > strings: core: File or Directory not found > ---snip--- > > > -- > Jan-Hendrik Terstegge > <sysadminat_private> >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:08:01 PDT