Was this tested on OpenBSD 2.8 release or stable? I have tested your exploit on my OpenBSD 2.8 stable box and was unable to get a root shell. I tried it a few times with core dumps and then it did work a couple times but there was no link in /tmp. I went ahead and rebooted my box, never executed /usr/bin/su and your code executed fine with no core dumps but still had the same results with no link in /tmp. Im no C coder but im sure this has something to do with the amount of fork()'s in $num or the value of $joro. my box is a P233 MMX with 64 megs of memory. Brian ----------------------------------------- snip ---------------------------------------------- Georgi Guninski security advisory #47, 2001 OpenBSD 2.9,2.8 local root compromise Systems affected: OpenBSD 2.9,2.8
This archive was generated by hypermail 2b30 : Fri Jun 15 2001 - 10:10:23 PDT