Vulnerability Development mailing list archives
RE: openbsd 3.4 ps bug
From: Nash Leon <nashleon () yahoo com br>
Date: Fri, 21 Nov 2003 09:17:07 -0300 (ART)
Hello, Mrs.! --- Dom De Vitto <dom () DeVitto com> escreveu: > I personally think it's interesting that ps does not
appear to be well formed (as other, setuid/gid) processes could share this issue, however Kurt's point is valid - if there is no elevation of privilege, this is not a 'security bug'.
If some other program as sudo(suid root) call ps, so this can be used for elevation of privilege, in this case, this is dangerous. Any program that is not suid root, but is called for one suid can be used for elevation privilege.
Dom
Sorry my poor english. Best Regards, Martin Fallon. mercenaries's Club http://cdm.frontthescene.com.br/ ______________________________________________________________________ Yahoo! Mail: 6MB, anti-spam e antivĂrus gratuito! Crie sua conta agora: http://mail.yahoo.com.br
Current thread:
- openbsd 3.4 ps bug thanos F (Nov 19)
- Re: openbsd 3.4 ps bug Kurt Seifried (Nov 20)
- Re: openbsd 3.4 ps bug Daniel (Nov 20)
- RE: openbsd 3.4 ps bug Dom De Vitto (Nov 20)
- RE: openbsd 3.4 ps bug Nash Leon (Nov 21)
- <Possible follow-ups>
- RE: openbsd 3.4 ps bug thanos F (Nov 21)
- Re: openbsd 3.4 ps bug Kurt Seifried (Nov 20)