Bugtraq mailing list archives

Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight

From: casper () HOLLAND SUN COM (Casper Dik)
Date: Thu, 8 Apr 1999 09:38:40 +0200

These programs should probably do a setuid() instead, which affects
saved-user-id as well.

This problem isn't huge, you might say, because whenever you do a
fork() or similar, the saved-user-id should be reset. But if you can
take control of the application via a buffer overflow or the like, and
saved-user-id is root then you have no problem of getting the root
priviledges back before doing a fork().

'

fork() does not affect uids at all.

exec* does.

Note that both setuid(uid) (as root) and setreuid(uid,uid) should
get rid of the saved uid.

Casper

Current thread:

Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight, (continued)
- - - Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Luca Berra (Apr 10)
    - Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Miguel de Icaza (Apr 11)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Miguel de Icaza (Apr 05)
- Multiple WinGate Vulnerabilities[Tad late] Marc (Apr 05)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Stefan Rompf (Apr 06)
  - Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Viktor Fougstedt (Apr 07)
    - security hole (READ AS: security chasm) in ICQ-Webserver DaChronic (Apr 07)
    - Re: security hole (READ AS: security chasm) in ICQ-Webserver sven () MSC-MEDIA COM (Apr 08)
    - Bug in Winroute 3.04g Michael R. Rudel (Apr 08)
    - Re: Bug in Winroute 3.04g Max Vision (Apr 09)
    - Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Casper Dik (Apr 08)
  - Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight M.C.Mar (Apr 08)
- ALERT: No viruses in Acrobat Reader Sarah Rosenbaum (Apr 08)