|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Potential security problem with mtr
From: Viktor Fougstedt (viktor
DTEK.CHALMERS.SE)Date: Fri Mar 03 2000 - 14:26:37 CST
- Next message: bugzillaREDHAT.COM: "[RHSA-2000:006-01] New nmh packages available"
- Previous message: Ussr Labs: "con\con is a old thing (anyway is cool)"
- In reply to: LaMont Jones: "Re: Potential security problem with mtr"
- Next in thread: Jeff Dafoe: "Re: Potential security problem with mtr - fixed"
- Reply: Viktor Fougstedt: "Re: Potential security problem with mtr"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, 3 Mar 2000, LaMont Jones wrote:
> > Since the saved uid survives across fork() and exec(), any buffer
> > overrun or similar bug in mtr is just as bad as if mtr had never done
> > the seteuid() at all.
>
> Saved-uid should get dropped on exec(), shouldn't it?
>
I stand corrected. Saved uid is set to the effective uid on
exec. Makes it harder to do nasty stuff with it.
/Viktor...
--| Viktor Fougstedt, system administrator at dtek.chalmers.se |--
--| http://www.dtek.chalmers.se/~viktor/ |--
--| ...soon we'll be sliding down the razor blade of life. /Tom Lehrer |--
- Next message: bugzillaREDHAT.COM: "[RHSA-2000:006-01] New nmh packages available"
- Previous message: Ussr Labs: "con\con is a old thing (anyway is cool)"
- In reply to: LaMont Jones: "Re: Potential security problem with mtr"
- Next in thread: Jeff Dafoe: "Re: Potential security problem with mtr - fixed"
- Reply: Viktor Fougstedt: "Re: Potential security problem with mtr"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]