Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1996_4

Bugtraq archives for 4th quarter (Oct-Dec) 1996: Re: HP-UX setprivgrp()

Re: HP-UX setprivgrp()

Dominique Quatravaux (quatravaclipper.ens.fr)
Thu, 7 Nov 1996 22:51:54 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: SGI Security Coordinator: "BoS: SGI Security Advisory 19961101 - Vulnerabilities in systour and OutOfBox"
Previous message: Eduardo E. Silva: "HP-UX setprivgrp()"
Next in thread: Valdis.Kletnieksvt.edu: "Re: HP-UX setprivgrp()"

>
>Maybe a race condition can be won between the times the setuid bits
>are changed by chown().

  Don't bother trying, system calls are atomic... but you can use this
feature to work around filesystem quotas for example. I can't see any
other evil use of this feature : I can't see why giving a file to
somebody else could be harmful. Well, of course it can be done in
the wrong place, so a naive user who chmoded 777 his home directory
could be given a .rhosts...

  OTOH, does this feature allow you to do it the other way round ?
Sort of things like :

  chown myself /etc/passwd
  vi /etc/passwd
  chown root /etc/passwd

  Well _that_ would be interesting enough :-).

>
>-Ed
--
<< Tout n'y est pas parfait, mais on y honore certainement les jardiniers >>
                                Dominique QUATRAVAUX
                                (Dominique.Quatravauxens.fr)

Next message: SGI Security Coordinator: "BoS: SGI Security Advisory 19961101 - Vulnerabilities in systour and OutOfBox"
Previous message: Eduardo E. Silva: "HP-UX setprivgrp()"
Next in thread: Valdis.Kletnieksvt.edu: "Re: HP-UX setprivgrp()"