I agree, Why would anyone want to do it? None the less it is still a problem/bug that should be fixed. If you choose to be ignorant and assume that people do not do stupid things then please do not try to force that on me. On Tue, 2002-01-15 at 20:27, Pavel Kankovsky wrote: > On 15 Jan 2002, l0rt wrote: > > > Program : ddd > > OS : Linux > > DISTRO : RedHat 7.1 > > Issue : 0x41414141 (no core tho) > > Home Page: http://www.gnu.org/software/ddd/ > > suid : No > > sgid : No > > Issue : ddd may be called by an suid helper binary and could be > > exploited to gain local root access. > > Why the hell would anyone ever want to invoke a *debugger* frontend via a > setuid helper?! Anyone stupid enough to do anything like that would create > multiple security holes an order of magnitude bigger than this little > buffer overflow in ddd! > > --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] > "Resistance is futile. Open your source code and prepare for assimilation." > > -- -l0rt- Strategic Reconnaissance Team Team Key ID: ACFCBD01 l0rt Key ID: 47BF3F87 ------------------------------------------ "That secret you've been guarding, isn't."
This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 14:35:34 PST