Bugtraq mailing list archives
Re: Vulnerability in 4.4BSD Secure Levels Implementation
From: rharri01 () KEPLER POLY EDU (Roger Harrison ?)
Date: Mon, 29 Jun 1998 20:57:37 -0400
On Mon, 29 Jun 1998, Niall Smart wrote:
On Jun 26, 8:41am, Tim Newsham wrote: } Subject: Re: Vulnerability in 4.4BSD Secure Levels Implementation- The syslogd daemon can be covertly compromised, so no useful information ever gets logged to the protected system logs. But at least no-one can modify the useless information.Be smart, niall, syslog can only be compromised after the system has been compromised.
uhm, not necessarily. The pinelock.csh script I wrote around 12/97 and posted to bugtraq could kill syslogd if root opens up two sessions of pine. It is a local exploit. http://kepler.poly.edu/~rharri01 iconoclast () thepentagon com -Iconoclast
Current thread:
- Re: Solaris 2.6 non-executable stacks, (continued)
- Re: Solaris 2.6 non-executable stacks Edward S. Marshall (Jun 14)
- Re: Solaris 2.6 non-executable stacks Casper Dik (Jun 16)
- Re: Solaris 2.6 non-executable stacks Edward S. Marshall (Jun 14)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation Darren Reed (Jun 13)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation tqbf () pobox com (Jun 11)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation Niall Smart (Jun 13)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation Tim Newsham (Jun 26)
- check-ps 1.2 alpha 4 released Duncan Simpson (Jun 26)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation tqbf () pobox com (Jun 14)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation Niall Smart (Jun 28)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation Tim Newsham (Jun 28)
- Re: Vulnerability in 4.4BSD Secure Levels Implementation Roger Harrison ? (Jun 29)
- Serious Linux 2.0.34 security problem David Luyer (Jun 30)
- Re: Serious Linux 2.0.34 security problem Jim Bourne (Jun 30)
- QPOPPER - FreBSD, BSDI/OS remote exploit MiG (Jun 30)