Re: question on an exploit

From: Ed Rolison (ed.rolisonat_private)
Date: Mon May 21 2001 - 08:19:51 PDT

Next message: Devdas Bhagat: "Re: IE 5.x (5.50.4522.1800 SP1) Crash at gopher://:"

Previous message: Marius Huse Jacobsen: "Re: IE 5.x (5.50.4522.1800 SP1) Crash at gopher://:"
Maybe in reply to: roland kwitt: "question on an exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Could the filesystem be mounted no-setuid? This is a fairly common feature 
because basically in user space there's rarely a need for setuid binaries.
actually, come to think of it, you might need the program to make a 'setuid(0)' 
system call. Otherwise it'll not try and grab the higher permissions. (as an 
example, stick a setuid flag on a shell, and then run it. IIRC it doesn't change 
uid.

Next message: Devdas Bhagat: "Re: IE 5.x (5.50.4522.1800 SP1) Crash at gopher://:"
Previous message: Marius Huse Jacobsen: "Re: IE 5.x (5.50.4522.1800 SP1) Crash at gopher://:"
Maybe in reply to: roland kwitt: "question on an exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon May 21 2001 - 09:29:48 PDT