Vulnerability Development mailing list archives

RE: openbsd 3.4 ps bug

From: Nash Leon <nashleon () yahoo com br>
Date: Fri, 21 Nov 2003 09:17:07 -0300 (ART)

Hello, Mrs.!

 --- Dom De Vitto <dom () DeVitto com> escreveu: > I
personally think it's interesting that ps does not

appear to be
well formed (as other, setuid/gid) processes could
share this issue,
however Kurt's point is valid - if there is no
elevation of privilege,
this is not a 'security bug'.


If some other program as sudo(suid root) call ps,
so this can be used for elevation of privilege,
in this case, this is dangerous.

Any program that is not suid root, but is called
for one suid can be used for elevation privilege.

Dom


Sorry my poor english.

Best Regards,

Martin Fallon.
mercenaries's Club
http://cdm.frontthescene.com.br/


______________________________________________________________________

Yahoo! Mail: 6MB, anti-spam e antivírus gratuito! Crie sua conta agora:
http://mail.yahoo.com.br

Current thread:

openbsd 3.4 ps bug thanos F (Nov 19)
- Re: openbsd 3.4 ps bug Kurt Seifried (Nov 20)
  - Re: openbsd 3.4 ps bug Daniel (Nov 20)
  - RE: openbsd 3.4 ps bug Dom De Vitto (Nov 20)
    - RE: openbsd 3.4 ps bug Nash Leon (Nov 21)
- <Possible follow-ups>
- RE: openbsd 3.4 ps bug thanos F (Nov 21)