Bugtraq mailing list archives

Re: [Re: xmonisdn (isdn4k-utils/Linux) bug report]


From: ant () NOTATLA DEMON CO UK (Antonomasia)
Date: Wed, 20 Oct 1999 22:33:45 +0100


From: Brock Tellier <btellier () USA NET>

> This was my try to exploit myself. When I make the 'killall -8 xmonisdn' my
> xmonisdn dies only with a Floating exception but it doesn't dump a core.

Good, it shouldn't. If you look at the original post, this person executed
those commands as root, which, on his system, allowed him to make the suid
xmonisdn dump core.  xmonisdn won't dump core unless you are running it as
root.  This isn't a security hole unless it were to dump core in a world
readable mode.

Or in a directory writable by others, in which case files could get trashed.

With O_NOFOLLOW in the core file open(), as it is in recent kernels, you
now require hard links rather than symbolic links to achieve this.
I've put O_EXCL in some of my kernels for this reason.

--
##############################################################
# Antonomasia   ant () notatla demon co uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
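
The difference between the two open() flags mentioned in the message above, as an added example that is not part of the original post or of any kernel source. It assumes Linux errno values and a writable /tmp; the scratch directory and file names are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Outcome of each open(): 0 on success, otherwise the errno value. */
struct result { int nofollow_sym, nofollow_hard, excl_sym, excl_hard, excl_fresh; };

/* Open path the way a dump writer might (no O_TRUNC, so nothing is damaged). */
static int try_open(const char *path, int extra)
{
    int fd = open(path, O_WRONLY | O_CREAT | extra, 0600);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Constructed scratch setup: a victim file, plus a symlink and a hard link
 * to it standing in for pre-planted "core" names in a shared directory. */
static int run_demo(struct result *r)
{
    char dir[] = "/tmp/coredemo.XXXXXX";
    char victim[64], sym[64], hard[64], fresh[64];
    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(sym, sizeof sym, "%s/core.sym", dir);
    snprintf(hard, sizeof hard, "%s/core.hard", dir);
    snprintf(fresh, sizeof fresh, "%s/core.fresh", dir);
    if (try_open(victim, O_EXCL) || symlink(victim, sym) || link(victim, hard))
        return -1;
    r->nofollow_sym  = try_open(sym, O_NOFOLLOW);   /* ELOOP: symlink refused */
    r->nofollow_hard = try_open(hard, O_NOFOLLOW);  /* 0: hard link still opens */
    r->excl_sym      = try_open(sym, O_EXCL);       /* EEXIST */
    r->excl_hard     = try_open(hard, O_EXCL);      /* EEXIST */
    r->excl_fresh    = try_open(fresh, O_EXCL);     /* 0: name did not exist */
    unlink(sym); unlink(hard); unlink(fresh); unlink(victim); rmdir(dir);
    return 0;
}

int main(void)
{
    struct result r;
    if (run_demo(&r))
        return 1;
    printf("O_NOFOLLOW: symlink=%d hardlink=%d\n", r.nofollow_sym, r.nofollow_hard);
    printf("O_EXCL:     symlink=%d hardlink=%d fresh=%d\n", r.excl_sym, r.excl_hard, r.excl_fresh);
    return 0;
}
```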


