Bugtraq mailing list archives
Re: Flaws in recent Linux kernels
From: Mariusz Woloszyn <emsi () ipartners pl>
Date: Mon, 22 Oct 2001 11:19:25 +0200 (EEST)
On Fri, 19 Oct 2001, Martin Kacer wrote:
PS: What about executing suid binary while some other process has our /proc/$$/mem opened for writing? Isn't there the same problem too? Unfortunately, I do not have enough time to investigate that.
VERY quick test: opening mem WRONLY returns EINVAL while write(). But opening /proc/%i/exe of a process that executes suid binary works well. After exec() another process is able to read suid binary. [Isn't it known behavior???] Opening mem RDONLY works, but after exec() of setuid binary read() returns "no such process". Thinking 'bout mmaping and other tricks... Tested on 2.2.19. -- Mariusz Wołoszyn Internet Security Specialist, Internet Partners
Current thread:
- Flaws in recent Linux kernels Rafal Wojtczuk (Oct 18)
- RE: Flaws in recent Linux kernels Demitrious Kelly (Oct 18)
- Re: Flaws in recent Linux kernels Martin Kacer (Oct 19)
- Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 22)
- Re: Flaws in recent Linux kernels Pavel Kankovsky (Oct 27)
- Re: Flaws in recent Linux kernels Solar Designer (Oct 23)
- Re: Flaws in recent Linux kernels Scott Dier (Oct 23)
- Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 22)
- Re: Flaws in recent Linux kernels Thomas Fischbacher (Oct 25)
- Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 27)
- Re: Flaws in recent Linux kernels Thomas Fischbacher (Oct 27)
- Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 27)