Bugtraq mailing list archives
Solaris Signals
From: Jon Masters <jonathan () jonmasters org>
Date: Wed, 12 Feb 2003 03:21:49 +0000 (GMT)
Hi, We all know that old chestnut about tracing setuid programs or scripts, but what about non-setuid scripts which have been installed for users and given execute only permission. For example, a lot of sites provide scripts for users to run which perform some admin related function and thus have usernames or passwords within them - potentially free to users. The thing I want to do is make a few people think about fixing this by taking whatever steps are necessary on a per-installation basis. It is a silly kind of thing which seems to be overlooked all too often. There is some trivial code attached for those who really do not see my point. This is bound to be covered somewhere, I just want to get viewpoints. Jon.
Attachment:
sigtest.c
Description:
Current thread:
- Solaris Signals Jon Masters (Feb 12)
- Re: Solaris Signals Frank v Waveren (Feb 13)
- Re: Solaris Signals ari (Feb 14)
- Re: Solaris Signals Casper Dik (Feb 14)
- Re: Solaris Signals ari (Feb 14)
- <Possible follow-ups>
- Re: Solaris Signals Jon Masters (Feb 13)
- Re: Solaris Signals Frank v Waveren (Feb 13)