|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround
From: PERFECT.MATERIAL (perfect.material
gmail.com)
Date: Thu Jul 13 2006 - 18:55:10 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Matt Murphy write:
>If you actually bothered to read ANY of the vendor advisories on this
>issue, you'd know why. The vulnerability exists because the kernel
>DOES NOT VERIFY write permissions to core dump directories. If your
>users actually have write permissions to /etc/cron.d, do the world a
>favor and disconnect from the internet as soon as humanly possible.
I think the nigger is calling the kettle a junglebunny here. Do you know
how CHDIR(2) works Matthew Murphy? Try to CHDIR(2) into a directory to
which you do not have execute privileges!!!
PERFECT.MATERIAL
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]