Re: pmpost - another nice symlink follower

From: Lynton Clamp (lyntonat_private)
Date: Tue Jun 19 2001 - 02:08:06 PDT

Next message: Lincoln Yeoh: "Re: [Fwd: Re: Cross-Site Request Forgeries (Re: The Dangers of Allowing Users to Post Images)]"

Previous message: Keith Owens: "Re: pmpost - another nice symlink follower"
In reply to: Paul Starzetz: "pmpost - another nice symlink follower"
Next in thread: Dale Southard: "Re: pmpost - another nice symlink follower"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Found the same on one of our SuSE 7.1 workstations and can confirm that it
works on that as well.

Regards,

Lynton


On 2001.06.18 19:11:20 +0200 Paul Starzetz wrote:
> Hi,
> 
> there is a symlink handling problem in the pcp suite from SGI. The
> binary pmpost will follow symlinks, if setuid root this leads to instant
> root compromise, as found on SuSE 7.1 (I doubt that this a default SuSE
> package, though).
>

Next message: Lincoln Yeoh: "Re: [Fwd: Re: Cross-Site Request Forgeries (Re: The Dangers of Allowing Users to Post Images)]"
Previous message: Keith Owens: "Re: pmpost - another nice symlink follower"
In reply to: Paul Starzetz: "pmpost - another nice symlink follower"
Next in thread: Dale Southard: "Re: pmpost - another nice symlink follower"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 07:52:03 PDT