Bugtraq mailing list archives
Re: coredumps on setuid programs.
From: a.beckett () fml co uk (Andrew Beckett)
Date: Mon, 25 Jul 94 09:11:29 BST
In article AA12832 () csteam com, George Boyce <george () csteam com> () writes:
From the man page:Isn't quoting documentation on a bug mailing list like, um, trusting that there aren't bugs in the first place? I mean the vendors ship systems which allow worldwide root access. How do you know some hacker didn't *write* the man page you are reading...
You may have noticed that Dylan also said:
I tried something quick this morning under Solaris 2.3, and it does not produce core files from setuid programs.
Like me, he tried it _as_well_as_ checking the man page. Of course, I'd wouldn't even believe a manual page even if it was genuine; it's not entirely unheard of for sun to break a security feature (never, I hear you say!). ******************************************************************* * Andrew Beckett * * * Senior Design Engineer * * * Fujitsu Microelectronics Ltd * * * Highway House * phone : (0628) 71116 * * Norreys Drive * fax : (0628) 773990 * * Maidenhead. Berks SL6 4BW * email : a.beckett () fml co uk * *******************************************************************
Current thread:
- Re: Bad Advise, (continued)
- Re: Bad Advise Timothy Newsham (Jul 27)
- -froot??? (AIX rlogin bug) Eric Wedaa (Jul 29)
- Re: -froot??? (AIX rlogin bug) Aaron Eppert (Jul 29)
- Re: -froot??? (AIX rlogin bug) Mark G. Scheuern (Jul 30)
- Re: -froot??? (AIX rlogin bug) Alexander Haiut (Jul 30)
- Re: -froot??? (AIX rlogin bug) Baba Z Buehler (Jul 30)
- Solaris problems? James W. Abendschan (Jul 29)
- Re: Solaris problems? Steve Davis (Jul 30)
- Re: Solaris problems? jsz (Jul 30)
- Re: Solaris problems? Casper Dik (Jul 31)
- Re: coredumps on setuid programs. Andrew Beckett (Jul 25)