Vulnerability Development mailing list archives

Re: /lib/ld-2.2.4.so

From: Olaf Kirch <okir () caldera de>
Date: Tue, 23 Apr 2002 09:27:53 +0200

On Mon, Apr 22, 2002 at 09:43:32AM +0300, Sabau Daniel wrote:

boxes and i've been succesfull, please if anyone know how to eliminate 
this hole in my security give me a replay. If i try to change the mode on


You can't fix it. You can always do

        cp file-with-mode-444-perms ./foobar
        chmod +x foobar
        ./foobar

Unix file permission bits aren't really orthogonal, especially r and x.
Even though it may give some admins a deep feeling of satisfaction,
playing with the r and x bits accomplishes nothing in terms of security.

Olaf
-- 
Olaf Kirch        |  Anyone who has had to work with X.509 has probably
okir () caldera de   |  experienced what can best be described as
------------------+  ISO water torture. -- Peter Gutmann

Current thread:

/lib/ld-2.2.4.so Sabau Daniel (Apr 22)
- RE: /lib/ld-2.2.4.so Tech Support (Apr 24)
  - Re: /lib/ld-2.2.4.so Marlon Jabbur (Apr 24)
- Re: /lib/ld-2.2.4.so Eric Rostetter (Apr 24)
- Re: /lib/ld-2.2.4.so Olaf Kirch (Apr 24)
  - Re: /lib/ld-2.2.4.so Bill Weiss (Apr 24)
    - Re: /lib/ld-2.2.4.so Kurt Seifried (Apr 25)
    - Re: /lib/ld-2.2.4.so Robert A. Seace (Apr 25)
    - nobody suid shell (kind of relationship with the ld-2.2.4 thread...) Anibal Ambertin (Apr 26)
    - Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...) c0n (Apr 26)
    - Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...) Bill Weiss (Apr 26)
    - Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...) Jim Nanney (Apr 26)
    - Re: /lib/ld-2.2.4.so Florian Weimer (Apr 26)
  - Re: /lib/ld-2.2.4.so FozZy (Apr 24)
    - RE: /lib/ld-2.2.4.so Tech Support (Apr 25)

(Thread continues...)