[Full-Disclosure] Re: [Security] [vendor-sec] Linux 2.4.x execve() file read race vulnerability

From: Crispin Cowan (crispinat_private)
Date: Fri Jun 27 2003 - 15:29:27 PDT

    NC Agent wrote:
    
    > Hi people,
    >
    > again it is time to discover a funny bug inside the Linux execve() 
    > system call.
    > ...
    > Obviously the setuid binary has been duplicated :-) (but with no 
    > setuid flag of course). 
    
    You mean there are actually still people who believe that granting x 
    permission but not r permission actually prevents people from reading 
    the file? I mean besides the crowd that believes in Santa Claus, the 
    Easter Bunny, and Jesus :) I expect there to be a large number of ways 
    to do this. This particular hack is cute, though :)
    
    Crispin, equal opportunity offender :)
    
    -- 
    Crispin Cowan, Ph.D.           http://immunix.com/~crispin/
    Chief Scientist, Immunix       http://immunix.com
                http://www.immunix.com/shop/
    
    
    
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    



    This archive was generated by hypermail 2b30 : Fri Jun 27 2003 - 22:01:00 PDT