Re: nonsuid overflows... still at risk?

From: Michal Zalewski (lcamtufat_private)
Date: Wed Jun 06 2001 - 08:02:21 PDT

Next message: KF: "Re: nonsuid overflows... still at risk?"

Previous message: KF: "Re: nonsuid overflows... still at risk?"
Next in thread: KF: "Re: nonsuid overflows... still at risk?"
Reply: KF: "Re: nonsuid overflows... still at risk?"
Reply: Tomasz Grabowski: "crontab and sgid (was: nonsuid overflows... still at risk?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 6 Jun 2001, KF wrote:

> exactly what I was thinking... crontab -e calls vi to open the users
> crontab... this is why I was wondering if it could be exploited due to
> the fact that crontab is suid.

Not really. As long as crontab itself is not broken, it should invoke vi
without additional priviledges. Otherwise, you can always type ':!sh' in
command mode and you do not need buffers overflows to do that.

-- 
_____________________________________________________
Michal Zalewski [lcamtufat_private] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=

Next message: KF: "Re: nonsuid overflows... still at risk?"
Previous message: KF: "Re: nonsuid overflows... still at risk?"
Next in thread: KF: "Re: nonsuid overflows... still at risk?"
Reply: KF: "Re: nonsuid overflows... still at risk?"
Reply: Tomasz Grabowski: "crontab and sgid (was: nonsuid overflows... still at risk?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 11:23:30 PDT