Bugtraq mailing list archives
Re: [Re: xmonisdn (isdn4k-utils/Linux) bug report]
From: ant () NOTATLA DEMON CO UK (Antonomasia)
Date: Wed, 20 Oct 1999 22:33:45 +0100
From: Brock Tellier <btellier () USA NET>
This was my try to exploit myself. When I make the 'killall -8 xmonisdn' >my xmonisdn dies only with an Floating exception but it doesn't dump a core.
Good, it shouldn't. If you look at the original post, this person executed those commands as root, which, on his system, allowed him to make the suid xmonisdn dump core. xmonisdn won't dump core unless you are running it as root. This isn't a security hole unless it were to dump core in a world readable mode.
Or in a directory writable by others, in which case files could get trashed. With O_NOFOLLOW in the core file open(), as it is in recent kernels, you now require hard links rather than symbolic links to achieve this. I've put O_EXCL in some of my kernels for this reason. -- ############################################################## # Antonomasia ant () notatla demon co uk # # See http://www.notatla.demon.co.uk/ # ##############################################################
Current thread:
- Re: [Re: xmonisdn (isdn4k-utils/Linux) bug report] Brock Tellier (Oct 20)
- <Possible follow-ups>
- Re: [Re: xmonisdn (isdn4k-utils/Linux) bug report] Antonomasia (Oct 20)