Bugtraq mailing list archives
Re: Pointer to a process's credential structure?
From: patrick () oes amdahl com (Patrick Horgan)
Date: Fri, 14 Apr 1995 09:17:25 +0800
Hi -- Browsing through some archived "bugtraq" messages I discovered a really nifty way to change the effective and real userid of any process running under SunOS 4.1.x (well, at least 4.1.2 and 4.1.3x). That particular hole is demonstrably exploitable under Solaris 2.3 (and I assume Solaris 2.4), except for one little problem....
I'd have to think...we used to be able to do this via the prom debugger. We wouldn't have to know any address ahead of time, but could walk the kernel's tables in the debugger from the prom prompt. If anyone really cares I could probably figure it out for Solaris 2, but I'm not sure of the point. I'd hope everyone knows that physical security is important, and that if you don't have it you're in deep doo-doo.

Patrick
 _______________________________________________________________________
/ These opinions are mine, and not Amdahl's (except by coincidence;).  \
|                                                              (\       |
| Patrick J. Horgan       Amdahl Corporation                    \\ Have |
| patrick () amdahl com   1250 East Arques Avenue          \\ _ Sword   |
| Phone : (408)992-2779   P.O. Box 3470 M/S 316             \\/ Will    |
| FAX   : (408)773-0833   Sunnyvale, CA 94088-3470         _/\\ Travel  |
\___________________________O16-2294________________________\)__________/