Bugtraq mailing list archives

Re: Sending escape sequences to xterms via wall/talk

From: a.beckett () fml co uk (Andrew Beckett)
Date: Thu, 21 Jul 94 14:13:38 BST


In article AA15592@iridium, "Christopher A. Stewart" <stewart () networx com> () writes:

"Mike" == Mike Raffety <mike_raffety () il us swissbank com> writes:


    Mike> setuid programs don't produce core dumps; it's a security
    Mike> feature.

Huh? What *NIX are you using? I've not noticed that behavior..


I must admit I hadn't noticed that, so I thought I'd try it. Use the
following program (the numbers were randomly selected by hitting several
number keys at once):

/* dump_core.c */
main()
{
    long *i=(long *)3249243;

    while(1) {
        *i=(long) i;
        i+=349;
        }
}

compile this, and when you run it it will core dump (providing you have unlimited
core). If you setuid to root and run it as someone other than root, it just
does a bus error and doesn't core dump!

I'm running SunOS 4.1.3_U1.

So it looks as if Mike Raffety has a point!

Andrew.

P.S. I just looked at the man page for core (5). To quote from it:

     The operating system writes out a memory  image  of  a  ter-
     minated  process  when  any  of  various  errors occur.  See
     sigvec(2) for the list  of  reasons;  the  most  common  are
     memory  violations,  illegal  instructions,  bus errors, and
     user-generated quit signals.  The  memory  image  is  called
     core and is written in the process's working directory (pro-
     vided it can be; normal access controls apply).  Set-user-ID
     and  set-group-ID  programs  do  not produce core files when
     they terminate as this would cause a security loophole.


*******************************************************************
* Andrew Beckett                *                                 *
* Senior Design Engineer        *                                 *
* Fujitsu Microelectronics Ltd  *                                 *
* Highway House                 * phone    : (0628) 71116         *
* Norreys Drive                 * fax      : (0628) 773990        *
* Maidenhead. Berks SL6 4BW     * email    : a.beckett () fml co uk  *
*******************************************************************

Current thread:

Re: Wall and talkd pass binary data Bob Page (Jul 19)
- Re: Wall and talkd pass binary data Craig Presson (Jul 20)
- <Possible follow-ups>
- Wall and talkd pass binary data Rob Quinn (Jul 19)
  - Flash/talkd Patrick Mcdowell (Jul 20)
    - Re: Flash/talkd Eric Wedaa (Jul 20)
  - Re: Wall and talkd pass binary data a.e.mossberg (Jul 20)
- Re: Wall and talkd pass binary data Martin Sean Bennet - Sun UK - CSG Engineer (Jul 20)
  - Re: Sending escape sequences to xterms via wall/talk Mike Raffety (Jul 20)
    - Re: Sending escape sequences to xterms via wall/talk Christopher A. Stewart (Jul 20)
    - Re: Sending escape sequences to xterms via wall/talk Andrew Beckett (Jul 21)
    - setuid root programs and core dumps Rob Quinn (Jul 21)
    - Re: Sending escape sequences to xterms via wall/talk Paul Daw (Jul 21)
    - Re: Sending escape sequences to xterms via wall/talk Evil Pete (Jul 21)
    - Re: Sending escape sequences to xterms via wall/talk Christopher A. Stewart (Jul 21)
    - Re: Sending escape sequences to xterms via wall/talk pluvius (Jul 22)
    - Is starting a user program on priv port via inetd dangerous ? Doug McLaren (Jul 21)
    - Re: Is starting a user program on priv port via inetd dangerous ? Eric Murray (Jul 21)
    - Re: Is starting a user program on priv port via inetd dangerous ? matthew green (Jul 21)
    - Re: Is starting a user program on priv port via inetd dangerous ? Darren Reed (Jul 22)
    - Re: Is starting a user program on priv port via inetd dangerous ? jmc () gnu ai mit edu (Jul 22)

(Thread continues...)