NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 2000-q4

Subject: Re: SUID server
From: J C Lawrence (clawKANGA.NU)
Date: Mon Oct 02 2000 - 15:11:20 CDT

Next message: Peter Pentchev: "Re: Pegasus Mail"
Previous message: Marcelo Lamoglia: "CyberWall"
Next in thread: Philipp Buehler: "Re: SUID server"
Maybe reply: J C Lawrence: "Re: SUID server"
Reply: Philipp Buehler: "Re: SUID server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2 Oct 2000 14:35:17 +0200
Philipp Buehler <listsFIPS.DE> wrote:

> On 01/10/2000, Adam Langley <aglLINUXPOWER.ORG> wrote To
> VULN-DEVSECURITYFOCUS.COM:

>> the traceroute.so file and continues. The data from the frontend
>> is checked and parsed and passed the the traceroute backend which
>> (running as root)

> So, you write a check/parser for *any* suid binary behind it?

I would look at it as directly similar to the way PAM and PAM
modules are currently implemented.

--
J C Lawrence                                 Home: clawkanga.nu
---------(*)                               Other: coderkanga.nu
http://www.kanga.nu/~claw/        Keys etc: finger clawkanga.nu
--=| A man is as sane as he is dangerous to his environment |=--

Next message: Peter Pentchev: "Re: Pegasus Mail"
Previous message: Marcelo Lamoglia: "CyberWall"
Next in thread: Philipp Buehler: "Re: SUID server"
Maybe reply: J C Lawrence: "Re: SUID server"
Reply: Philipp Buehler: "Re: SUID server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]