Re: slocate bug.

From: Guilherme Mesquita (guyat_private)
Date: Fri Feb 15 2002 - 17:46:03 PST


    Hey there,
    
    Ok just hold on:
    
    What would be the advantages of exploiting something which would spawn the "slocate" group privileges? Maybe browsing users' directories? No root yet...
    
    -- mips
    
    On Fri, 15 Feb 2002 11:10:00 -0200
    Rodrigo Barbosa <rodrigobat_private> wrote:
    
    > On Thu, Feb 14, 2002 at 11:39:17AM -0500, KF wrote:
    > > Here's the details on Mandrake Linux
    > Here they are on Conectiva Linux
    > 
    > > [elguapo@linux elguapo]$ ls -al `which slocate`
    > > -rwxr-sr-x    2 root     slocate     24956 Apr  6  2001 /usr/bin/slocate*
    > 
    > frodo [/home/rodrigob] > ls -al `which slocate`
    > -rwxr-sr-x    1 root     slocate     32300 Jan 23 15:13 /usr/bin/slocate
    > 
    > > [elguapo@linux elguapo]$ uname -a
    > > Linux linux.ckfr.com 2.4.3-20mdk #1 Sun Apr 15 23:03:10 CEST 2001 i686 unknown
    > 
    > frodo [/home/rodrigob] > uname -a 
    > Linux frodo.bh.tisbrasil 2.4.17-13cl #1 Fri Feb 1 18:33:09 BRST 2002 i686 unknown
    > 
    > > [elguapo@linux elguapo]$ cat /etc/redhat-release
    > > Linux Mandrake release 8.0 (Traktopel) for i586
    > 
    > frodo [/home/rodrigob] > cat /etc/conectiva-release 
    > Conectiva Linux BETA (RdL)
    > 
    > (Note: This is the snapshot version)
    > 
    > > [elguapo@linux elguapo]$ slocate -r `perl -e 'print "A" x 65026'`
    > > Segmentation fault
    > 
    > frodo [/home/rodrigob] > slocate -r `perl -e 'print "A" x 65026'`
    > fatal error: error: slocate: regular expression: Regular expression too big
    > 
    > > #0  0x400eeb69 in regerror () from /lib/libc.so.6
    > > #1  0x0804aa99 in strcpy ()
    > 
    > This looks like a bug I fixed on Aug 2000 (and sent back to the maintainer)
    > 
    > * Wed Aug 23 2000 Rodrigo Barbosa <rodrigobat_private>
    > 
    > - Improved patch for glibc >= 2.1.90
    > - Fixed buffer overflow on misc.c:load_file
    > 
    > -- 
    >  Rodrigo Barbosa                   - rodrigob at tisbrasil.com.br
    >  TIS 				   - Belo Horizonte, MG, Brazil
    >  "Quis custodiet ipsos custodiet?" - http://www.tisbrasil.com.br/
    >  Brainbench Certified -> Transcript ID #3332104
    > 
    



    This archive was generated by hypermail 2b30 : Fri Feb 15 2002 - 18:26:02 PST