Re: Flaws in recent Linux kernels

From: Mariusz Woloszyn (emsiat_private)
Date: Mon Oct 22 2001 - 02:19:25 PDT


    On Fri, 19 Oct 2001, Martin Kacer wrote:
    
    >    PS: What about executing suid binary while some other process has our
    > /proc/$$/mem opened for writing? Isn't there the same problem too?
    > Unfortunately, I do not have enough time to investigate that.
    > 
    VERY quick test: opening mem WRONLY returns EINVAL during write().
    
    But opening /proc/%i/exe of a process that executes a suid binary works
    well. After exec(), another process is able to read the suid binary.
    [Isn't it known behavior???]
    
    Opening mem RDONLY works, but after exec() of a setuid binary, read() returns
    "no such process".
    
    Thinking 'bout mmaping and other tricks...
    
    Tested on 2.2.19.
    
    --
    Mariusz Wołoszyn
    Internet Security Specialist, Internet Partners
    


