Re: Potential security problem with mtr

From: Viktor Fougstedt (viktorat_private)
Date: Fri Mar 03 2000 - 12:26:37 PST

Next message: Rogier Wolff: "mtr-0.42 is out."

Previous message: Ussr Labs: "con\con is a old thing (anyway is cool)"
Maybe in reply to: Viktor Fougstedt: "Potential security problem with mtr"
Next in thread: Viktor Fougstedt: "Re: Potential security problem with mtr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 3 Mar 2000, LaMont Jones wrote:

> > Since the saved uid survives across fork() and exec(), any buffer
> > overrun or similar bug in mtr is just as bad as if mtr had never done
> > the seteuid() at all.
>
> Saved-uid should get dropped on exec(), shouldn't it?
>

I stand corrected. Saved uid is set to the effective uid on
exec. Makes it harder to do nasty stuff with it.


/Viktor...

--|     Viktor Fougstedt, system administrator at dtek.chalmers.se     |--
--|                http://www.dtek.chalmers.se/~viktor/                |--
--| ...soon we'll be sliding down the razor blade of life. /Tom Lehrer |--

Next message: Rogier Wolff: "mtr-0.42 is out."
Previous message: Ussr Labs: "con\con is a old thing (anyway is cool)"
Maybe in reply to: Viktor Fougstedt: "Potential security problem with mtr"
Next in thread: Viktor Fougstedt: "Re: Potential security problem with mtr"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:39:02 PDT