Vulnerability Development mailing list archives

Re: Owning privileged processes under UnixWare

From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Mon, 6 Dec 1999 19:04:27 -0800


It seems the basic problem is that SCO has implemented privileges in
UnixWare without thinking of possible interaction with other subsystems.
They should have placed the same restriction on application running with
privileges as those placed on applications running suid or sgid. I am
surprised no one before noticed this. Its a hole you could drive a truck
through. The engineers that coded the privilege system (a security subsystem!)
should get a good ass chewing or get fired.

--
Elias Levy
Security Focus
http://www.securityfocus.com/

Current thread:

Idiocy "exploit" Roy Wilson (Dec 01)
- Re: Idiocy "exploit" Blue Boar (Dec 01)
  - Re: Idiocy "exploit" Joel Eriksson (Dec 03)
  - Owning privileged processes under UnixWare Tellier, Brock (Dec 06)
    - Re: Owning privileged processes under UnixWare Elias Levy (Dec 06)
    - Re: Owning privileged processes under UnixWare Blue Boar (Dec 07)
    - rpcclient 2.0.5a crashed services.exe Blue Boar (Dec 13)
    - Wireless LANs ? Sebastian Andersson (Dec 14)
    - [Fwd: rpcclient 2.0.5a crashed services.exe] Blue Boar (Dec 15)
    - BSD chfn bug Pavol Luptak (Dec 20)
    - Re: BSD chfn bug Przemyslaw Frasunek (Dec 21)
    - Re: BSD chfn bug Warner Losh (Dec 21)
    - Re: BSD chfn bug Tellier, Brock (Dec 23)
    - Re: BSD chfn bug Stanislav N. Vardomskiy (Dec 25)
    - Re: BSD chfn bug Michal Zalewski (Jul 21)

(Thread continues...)