Re: nonsuid overflows... still at risk?

From: KF (dotslashat_private)
Date: Wed Jun 06 2001 - 04:59:56 PDT

Next message: Michal Zalewski: "Re: nonsuid overflows... still at risk?"

Previous message: Yonatan Bokovza: "RE: TCSH problems?"
Next in thread: Tomasz Grabowski: "crontab and sgid (was: nonsuid overflows... still at risk?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michal Zalewski wrote:
> 
> Not really. As long as crontab itself is not broken, it should invoke vi
> without additional priviledges. 

Thats the part that I was wondering about ... the level of priviledges
at the point
that crontab invoked vi... I wasn't sure if some setreuid code could be
used or not... 
so I assume the same goes for more and pg ... just so long as the
programs that would call them are not in a state of elevated privs at
the point that $PAGER is used the hole should not be exploitable. 
-KF

Next message: Michal Zalewski: "Re: nonsuid overflows... still at risk?"
Previous message: Yonatan Bokovza: "RE: TCSH problems?"
Next in thread: Tomasz Grabowski: "crontab and sgid (was: nonsuid overflows... still at risk?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 11:18:06 PDT