Bugtraq mailing list archives
Re: Request for discussion.
From: zitz () infinity ivdev com (Silicon Avatar)
Date: Thu, 9 Feb 1995 14:49:59 -0600 (CST)
On Wed, 8 Feb 1995, Casper Dik wrote:
Not if "Real OS(tm)" == Linux. (which of course has the best procfs money can't buy).Which is why Linux procfs has tons of security holes. CasperSuch as?Hm, they seem to be fix now. In early rleases the permissions of the fd and cd and exec files weren't right. Now it uses some ugly hack that looks like the modes on the symlink are 700 (lrwx------) which only seems to work on the funny symlinks under /proc. Hm, it just occured to me that, as root, hijackling connections under Linux is real simple, you just open the right /proc/pid/fd/<num>
Indeed ... I don't think there really is a lack of root-able ways of getting *anything* hijacked or somesuch on *any* machine, regardless of procfs usage or not :) /----------------------------------------------------------------------\ <> Stephan K. Zitz <> My mind is my best friend... <> <> zitz () infinity ivdev com <> And my worst enemy... GABBPUY! <> <> Integrated Visions -- Watch out, is on its way.... <> \======================================================================/ GCS/M d-- p c++++ l+++ u++ e+ m-(++) s !n h++ f(++)* !g w+++ t+++ r+ y+(*)
Current thread:
- Re: Request for discussion., (continued)
- Re: Request for discussion. Karl Strickland (Feb 06)
- Re: Request for discussion. Karl Strickland (Feb 07)
- Re: Request for discussion. Stephen D. Williams (Feb 07)
- Re: Request for discussion. Aleph One (Feb 07)
- Re: Request for discussion. Julian Assange (Feb 08)
- Re: Request for discussion. Casper Dik (Feb 08)
- Re: Request for discussion. Karl Strickland (Feb 08)
- Re: Request for discussion. Casper Dik (Feb 08)
- Sniffer FAQ Christopher Klaus (May 27)
- Security FAQes Update Christopher Klaus (May 27)
- Re: Request for discussion. Silicon Avatar (Feb 09)
- X authentication Timothy Newsham (Feb 09)
- Re: X authentication Stephen Gildea (Feb 10)
- Semaphores/Setuid root... problem? Pete Hartman (Feb 09)