On Wed, Jul 18, 2001 at 12:37:15PM -0600, aleph1at_private wrote:
> II. Problem Description
[snip]
> buffer causing the local tcpdump process to crash. In addition, it
> may be possible to execute arbitrary code with the privileges of the
> user running tcpdump, often root.

Many times we see buffer overflows and other security problems in code that runs as root only to access the data link layer or similar interfaces. Think of tcpdump, ping, traceroute, ...

Almost all the people on this list know how it is possible to gain access to the privileged resource in the first lines of code, since in Unix usually if you open the device you take the interface, then drop the privileges. This will mitigate this kind of vulnerability a bit and is very simple to do. Maybe all the programs that don't do this should be modified: very little effort but a relative enhancement in security.

Sure, there are operating system extensions that can handle the problem better, like capabilities, but maybe it is important to remember that often setuid() & co. are a way to reach a similar effect in a portable way.

regards,
antirez

--
Salvatore Sanfilippo <antirezat_private>
http://www.kyuzz.org/antirez
finger antirezat_private for PGP key
28 52 F5 4A 49 65 34 29 - 1D 1B F6 DA 24 C7 12 BF
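The open-first, then-drop ordering described in the message above, as an added example that is not part of the original post or of tcpdump's code. The helper name `drop_privileges` is hypothetical, a raw ICMP socket stands in for the capture device, and a Linux/glibc system is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes setgroups() on glibc */
#endif
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch to an unprivileged uid/gid.
 * Returns 0 on success, -1 on failure; on -1 the caller must exit. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                  /* the target must not be root */
    /* Supplementary groups can only be changed while still root. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group before user: after setuid() the process may not change gid. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify every id changed and that root cannot be regained. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Step 1: acquire the privileged resource in the first lines of code. */
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (fd < 0) {
        perror("socket(SOCK_RAW)");
        return 1;
    }
    /* Step 2: drop to the invoking user (the setuid-root binary case). */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        close(fd);
        return 1;
    }
    /* Step 3: only now parse untrusted input; fd stays usable. */
    printf("fd %d open, running as uid %d\n", fd, (int)getuid());
    close(fd);
    return 0;
}
```

A program started directly by root rather than installed setuid-root would pass the ids of a dedicated unprivileged account instead of `getuid()`/`getgid()`, since the helper refuses a root target.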