Subject: Re: format bugs, in addition to the wuftpd bug
From: Daniel Jacobowitz (drowfalse.org)
Date: Wed Jun 28 2000 - 16:07:40 CDT


On Wed, Jun 28, 2000 at 01:20:50PM +0100, Chris Evans wrote:
>
> On Wed, 28 Jun 2000, Olaf Kirch wrote:
>
> > In the long run, statd should be replaced by a leaner mechanism. In the
> > meanwhile it may be useful to make it drop privs at startup since it
> > doesn't really need root or some such.
>
> I've got a patch to sort the dropping of privs (you need to grab a low
> socket first). I'll post it tonight, probably after investigating
> chroot() as well.

Patch would be much appreciated. I had to do some fairly unpleasant
things for the cache issues I mentioned earlier, but I have a fairly
generic exploit for this problem working on Linux/PowerPC - exploiting
it on, e.g., ia32 would be no thought at all. The whole thing took
about six or seven hours, and should apply with minimal change to any
other syslog() or multiple-printf vulnerability.

Dan

/--------------------------------\ /--------------------------------\
| Daniel Jacobowitz |__| SCS Class of 2002 |
| Debian GNU/Linux Developer __ Carnegie Mellon University |
| dandebian.org | | dmj+andrew.cmu.edu |
\--------------------------------/ \--------------------------------/
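
The ordering discussed in the quoted text (grab the low socket first, then drop privileges), as an added C example that is not part of this message and is not the statd patch mentioned above. The function name `bind_then_drop`, the loopback UDP socket, port 1023 and uid/gid 65534 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a privileged UDP port while still root, then drop to uid/gid for good.
 * Returns the bound socket, or -1 if any step fails (the socket is closed). */
int bind_then_drop(unsigned short port, uid_t uid, gid_t gid)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;

    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);

    /* Step 1: the only operation that needs root, so it happens first. */
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0)
        goto fail;

    /* Step 2: shed supplementary groups, then gid, then uid. Order matters:
     * once setuid() has run, the process can no longer change its groups. */
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        goto fail;

    /* Step 3: refuse to continue unless root can no longer be regained. */
    if (setuid(0) == 0 || geteuid() != uid || getegid() != gid)
        goto fail;
    return fd;

fail:
    close(fd);
    return -1;
}

int main(void)
{
    /* Constructed values: port 1023, uid/gid 65534 ("nobody" on many systems). */
    int fd = bind_then_drop(1023, 65534, 65534);
    if (fd < 0) { perror("bind_then_drop"); return 1; }
    printf("bound; now running as uid %d\n", (int)geteuid());
    return 0;
}
```

Checking every return value matters here: a daemon that ignores a failed `setuid()` keeps parsing untrusted input as root.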