Bugtraq mailing list archives
Re: local root on linux 2.2.15
From: jeffd () EVCOM NET (Jeff Dafoe)
Date: Wed, 14 Jun 2000 16:44:18 -0400
IMHO, all those setuid-root programs should be fixed if they ignore return values of system calls.
Quote from sendmail security team advisory: ===== Note that checking the return value from setuid() is insufficient; the setuid(getuid()) succeeds even when the process does not have "appropriate privileges." ===== Jeff Dafoe System Administrator Evolution Communications, Inc.
Current thread:
- local root on linux 2.2.15 Peter van Dijk (Jun 07)
- Mcafee Alerting DOS vulnerability Harry Schmilllson (Jun 07)
- Re: local root on linux 2.2.15 Wojciech Purczynski (Jun 08)
- Re: local root on linux 2.2.15 Tomasz Grabowski (Jun 08)
- Re: local root on linux 2.2.15 Philip Guenther (Jun 08)
- Re: local root on linux 2.2.15 Wojciech Purczynski (Jun 12)
- Re: local root on linux 2.2.15 Jeff Dafoe (Jun 14)
- Re: local root on linux 2.2.15 Wojciech Purczynski (Jun 14)
- MS-040 'proof of concept' code Renaud Deraison (Jun 13)
- <Possible follow-ups>
- Re: local root on linux 2.2.15 Tollef Fog Heen (Jun 11)
- Re: local root on linux 2.2.15 Peter da Silva (Jun 15)
- Re: local root on linux 2.2.15 Firstname Lastname (Jun 15)
- Re: local root on linux 2.2.15 Robert Watson (Jun 18)
- Net Tools PKI server exploits Jim Stickley (Jun 19)
- XFree86: libICE DoS Chris Evans (Jun 19)
- XFree86: Various nasty libX11 holes Chris Evans (Jun 19)
- Re: local root on linux 2.2.15 Peter da Silva (Jun 15)