Bugtraq mailing list archives

Re: local root on linux 2.2.15

From: jeffd () EVCOM NET (Jeff Dafoe)
Date: Wed, 14 Jun 2000 16:44:18 -0400

IMHO, all those setuid-root programs should be fixed if they ignore return
values of system calls.


        Quote from sendmail security team advisory:

=====
Note that checking the return value from setuid() is insufficient;
the setuid(getuid()) succeeds even when the process does not have
"appropriate privileges."
=====

Jeff Dafoe
System Administrator
Evolution Communications, Inc.

Current thread:

local root on linux 2.2.15 Peter van Dijk (Jun 07)
- Mcafee Alerting DOS vulnerability Harry Schmilllson (Jun 07)
- Re: local root on linux 2.2.15 Wojciech Purczynski (Jun 08)
  - Re: local root on linux 2.2.15 Tomasz Grabowski (Jun 08)
  - Re: local root on linux 2.2.15 Philip Guenther (Jun 08)
    - Re: local root on linux 2.2.15 Wojciech Purczynski (Jun 12)
    - Re: local root on linux 2.2.15 Jeff Dafoe (Jun 14)
    - Re: local root on linux 2.2.15 Wojciech Purczynski (Jun 14)
    - MS-040 'proof of concept' code Renaud Deraison (Jun 13)
- Re: local root on linux 2.2.15 Rogier Wolff (Jun 08)
- <Possible follow-ups>
- Re: local root on linux 2.2.15 Tollef Fog Heen (Jun 11)
  - Re: local root on linux 2.2.15 Peter da Silva (Jun 15)
    - Re: local root on linux 2.2.15 Firstname Lastname (Jun 15)
    - Re: local root on linux 2.2.15 Robert Watson (Jun 18)
    - Net Tools PKI server exploits Jim Stickley (Jun 19)
    - XFree86: libICE DoS Chris Evans (Jun 19)
    - XFree86: Various nasty libX11 holes Chris Evans (Jun 19)

(Thread continues...)