Date: Sun, 10 Aug 1997 10:13:04 +0000 (GMT) From: Alfred Perlstein <perlsta@sunyit.edu> To: "Jonathan A. Zdziarski" <jonz@netrail.net> Cc: Brian Mitchell <brian@firehouse.net>, bugtraq@netspace.org, freebsd-security@FreeBSD.ORG Subject: Re: procfs hole Message-ID: <Pine.BSF.3.96.970810101052.7449A-100000@server.local.sunyit.edu> In-Reply-To: <Pine.BSF.3.95q.970810104520.14828A-100000@netrail.net>
next in thread | previous in thread | raw e-mail | index | archive | help
ok, hear's the deal, the exploit was written SPECIFICALLY for SU but i assume almost any setuid program can be modified to do any kinda nasty thing just by patching its code. Getting root access isn't the only "bad" thing, it could somehow patch the program by putting an "exec" somewhere in it :) or it could just be used to make PASSWD mis-behave... ._________________________________________ __ _ |Alfred Perlstein - Programming & SysAdmin |perlsta@sunyit.edu |http://www.cs.sunyit.edu/~perlsta : ---"Have you seen my FreeBSD tatoo?" ' On Sun, 10 Aug 1997, Jonathan A. Zdziarski wrote: > never mind about my last message - I was finally able to get it to work on > both 2.2.2 and 2.2.1 systems. ack. is the 'su' command the only > pheasable method of manipulating this problem, or do you think it could be > done with other setuid programs? I'm running sudo, and can disable su, > but then again what if sudo can be modified. > > > ------------------------------------------------------------------------- > Jonathan A. Zdziarski NetRail Incorporated > Server Engineering Manager 230 Peachtree St. Suite 500 > jonz@netrail.net Atlanta, GA 30303 > http://www.netrail.net (888) - NETRAIL > ------------------------------------------------------------------------- > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970810101052.7449A-100000>