Re: nonsuid overflows... still at risk?

From: KF (dotslashat_private)
Date: Wed Jun 06 2001 - 04:35:35 PDT

Next message: KF: "Re: TCSH problems?"

Previous message: Michal Zalewski: "Re: nonsuid overflows... still at risk?"
In reply to: Michal Zalewski: "Re: nonsuid overflows... still at risk?"
Next in thread: Michal Zalewski: "Re: nonsuid overflows... still at risk?"
Reply: Michal Zalewski: "Re: nonsuid overflows... still at risk?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

exactly what I was thinking... crontab -e calls vi to open the users
crontab...
this is why I was wondering if it could be exploited due to the fact
that crontab is suid. 
-KF 

Michal Zalewski wrote:
> 
> On Tue, 5 Jun 2001, KF wrote:
> 
> > # crontab -e
> > note there was no message about it but there is a new core file.
> > # ls core
> > core
> >
> > input anyone?
> 
> # file core
> 
> I bet it is $EDITOR that crashed, crontab itself is not using $TERM for
> any purposes, IIRC... Try screen.
> 
> --
> _____________________________________________________
> Michal Zalewski [lcamtufat_private] [security]
> [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
> =-=> Did you know that clones never use mirrors? <=-=

Next message: KF: "Re: TCSH problems?"
Previous message: Michal Zalewski: "Re: nonsuid overflows... still at risk?"
In reply to: Michal Zalewski: "Re: nonsuid overflows... still at risk?"
Next in thread: Michal Zalewski: "Re: nonsuid overflows... still at risk?"
Reply: Michal Zalewski: "Re: nonsuid overflows... still at risk?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 11:28:14 PDT