Re: Linux kernel setgid implementation flaw

From: Wietse Venema (wietseat_private)
Date: Fri Jul 19 2002 - 09:48:49 PDT

Next message: Russell Mann: "RE: Norton AV 2002 rewriting SMTP, breaking TLS"

Previous message: 3APA3A: "Re: Domain password logon authentication bug in Windows 2000 Advanced Server Domain Controller"
In reply to: FozZy: "Re: Linux kernel setgid implementation flaw"
Next in thread: FozZy: "Re: Linux kernel setgid implementation flaw"
Reply: FozZy: "Re: Linux kernel setgid implementation flaw"
Reply: FozZy: "Re: Linux kernel setgid implementation flaw"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

FYI,

The August USENIX Security conference has a good paper that examines
in depth the semantics of UID and GID setting calls for Solaris,
FreeBSD and Linux. The differences are quite remarkable.

	Wietse

Setuid Demystified, by Hao Chen, David Wagner, UC Berkeley; Drew
Dean, SRI International
www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf

Next message: Russell Mann: "RE: Norton AV 2002 rewriting SMTP, breaking TLS"
Previous message: 3APA3A: "Re: Domain password logon authentication bug in Windows 2000 Advanced Server Domain Controller"
In reply to: FozZy: "Re: Linux kernel setgid implementation flaw"
Next in thread: FozZy: "Re: Linux kernel setgid implementation flaw"
Reply: FozZy: "Re: Linux kernel setgid implementation flaw"
Reply: FozZy: "Re: Linux kernel setgid implementation flaw"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 19 2002 - 11:06:39 PDT