Bugtraq mailing list archives
Re: FreeBSD 4.3 local root
From: "Przemyslaw Frasunek" <venglin () freebsd lublin pl>
Date: Fri, 13 Jul 2001 15:19:37 +0200
http://www.frasunek.com/sources/security/rexec/
This workaround is not complete, because it doesn't protect against exploitation of the bug. For example, the attacker can send the shellcode via stdin to the suid program. Its address can also be determined by removing the suid bit from the program and tracing it as non-root.
Of course, rexec wasn't designed to protect from this vulnerability. It protects from argument/environment based overflows and some formatting bugs. Almost all such security enhancements are possible to bypass, but not by script kiddies. Rexec tries to make exploiting local vulnerabilities harder. The selective noexec feature prevents kiddies from running their exploits.
(BTW, rexec is generally a good idea, we like it)
Thanks. I'm using it on all of my boxes with user accounts.
--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw () frasunek com ** PGP: D48684904685DF43EA93AFA13BE170BF *