On Fri, 2002-03-15 at 18:39, sekureat_private wrote: > In my Debian Potato r5 and Conectiva Linux 7 it worked too! > But i would ask the some thing, why find a bug in awk and exploit it ? > 1) It isn't suid root in linux. > 2) doesn't used in web applications > Then, why exploit it ? Simple: awk is such a basic application that's likely being used in many scripts, some of which, probably, as root. It doesn't need being suid. All it needs is being run by root. If something's suid, it just means that anyone that can execute, will run the program as if he was the owner (usually root on system binaries). Hugs, rui -- + No matter how much you do, you never do enough -- unknown + Whatever you do will be insignificant, | but it is very important that you do it -- Ghandi + So let's do it...?
This archive was generated by hypermail 2b30 : Fri Mar 15 2002 - 16:38:53 PST