Vulnerability Development mailing list archives
Re: VULN-DEV Digest - 22 Mar 2000 to 23 Mar 2000 (#2000-61)
From: lcamtuf () AGS PL (Michal Zalewski)
Date: Thu, 9 Mar 2000 23:51:42 +0100
On Sun, 26 Mar 2000, Bluefish wrote:
Uhm, it was my impression from the previous mails that no one could reproduce the problem described in the original email, or am I wrong?
As I told before, standard Linux semantics won't let you set sgid bit on file if it's group is one you don't belong to, and it's good, it's correct, it's POSIXly correct ;) Even if so, he made a lot of mistakes in original post (eg. perms 04000 = setuid, not setgid - 02000, RH mail directory is not in /var/mail, and it isn't world-writable - and so on)... Very often, some setuid/setgid programs generates temporary files owned by user.privledged_group, and - thanks God, I mean, Linus or Alan - we can't do something like cat ourshell >somefile;chmod 2755 somefile;./somefile to elevate our group privledges. _______________________________________________________ Michal Zalewski * [lcamtuf () ags pl] <=> [AGS WAN SYSADM] [dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl] [+48 22 551 45 93] [+48 603 110 160] bash$ :(){ :|:&};: =-----=> God is real, unless declared integer. <=-----=
Current thread:
- Re: VULN-DEV Digest - 22 Mar 2000 to 23 Mar 2000 (#2000-61) Devil Man (Mar 24)
- Re: VULN-DEV Digest - 22 Mar 2000 to 23 Mar 2000 (#2000-61) Bluefish (Mar 26)
- Re: VULN-DEV Digest - 22 Mar 2000 to 23 Mar 2000 (#2000-61) Michal Zalewski (Mar 09)
- Re: VULN-DEV Digest - 22 Mar 2000 to 23 Mar 2000 (#2000-61) Bluefish (Mar 26)