Vulnerability Development mailing list archives

Re: VULN-DEV Digest - 22 Mar 2000 to 23 Mar 2000 (#2000-61)


From: lcamtuf () AGS PL (Michal Zalewski)
Date: Thu, 9 Mar 2000 23:51:42 +0100


On Sun, 26 Mar 2000, Bluefish wrote:

Uhm, it was my impression from the previous mails that no one could
reproduce the problem described in the original email, or am I wrong?

As I said before, standard Linux semantics won't let you set the sgid bit on
a file if its group is one you don't belong to, and it's good, it's
correct, it's POSIXly correct ;) Even if so, he made a lot of mistakes in
the original post (e.g. perms 04000 = setuid, not setgid - 02000, RH mail
directory is not in /var/mail, and it isn't world-writable - and so on)...

Very often, some setuid/setgid programs generate temporary files owned by
user.privileged_group, and - thank God, I mean, Linus or Alan - we can't
do something like cat ourshell >somefile;chmod 2755 somefile;./somefile to
elevate our group privileges.

_______________________________________________________
Michal Zalewski * [lcamtuf () ags pl] <=> [AGS WAN SYSADM]
[dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl]
[+48 22 551 45 93] [+48 603 110 160] bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
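
The rule described in the message above, as an added example that is not part of the original post: a user-space model of how Linux chmod(2) silently drops the setgid bit, plus a read-only check that predicts the outcome for a file you name. The function names are hypothetical, and treating euid 0 as "has CAP_FSETID" is a simplifying assumption.

```c
/* Added illustration of the chmod(2) setgid rule; names are hypothetical
 * and this is a model of the kernel check, not kernel code. */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Return 1 if gid is the caller's own gid or one of its supplementary groups. */
static int in_group(gid_t gid, gid_t own_gid, const gid_t *groups, int ngroups)
{
    if (gid == own_gid)
        return 1;
    for (int i = 0; i < ngroups; i++)
        if (groups[i] == gid)
            return 1;
    return 0;
}

/* Mode left on the file after the owner's chmod(requested) succeeds.
 * The call reports success, but S_ISGID (02000) is cleared when the
 * caller is not in the file's group and lacks CAP_FSETID. S_ISUID
 * (04000) is a different bit and is not affected by this rule. */
mode_t mode_after_chmod(mode_t requested, gid_t file_gid, gid_t own_gid,
                        const gid_t *groups, int ngroups, int has_cap_fsetid)
{
    mode_t mode = requested & 07777;
    if (!has_cap_fsetid && !in_group(file_gid, own_gid, groups, ngroups))
        mode &= ~(mode_t)S_ISGID;
    return mode;
}

/* Read-only check: predict what "chmod 2755 FILE" would leave behind for
 * the current user. Assumption: euid 0 stands in for CAP_FSETID. */
int main(int argc, char **argv)
{
    struct stat st;
    gid_t groups[1024];
    int n = getgroups(1024, groups);
    if (argc != 2 || n < 0 || stat(argv[1], &st) != 0) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        return 2;
    }
    mode_t got = mode_after_chmod(02755, st.st_gid, getegid(), groups, n,
                                  geteuid() == 0);
    printf("%s (gid %u): chmod 2755 would leave mode %04o\n",
           argv[1], (unsigned)st.st_gid, (unsigned)got);
    return 0;
}
```

The model only covers the setgid stripping step; chmod itself still requires that the caller own the file.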

