Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: local root on linux 2.2.15

From: tollef () ADD NO (Tollef Fog Heen)
Date: Sun, 11 Jun 2000 12:36:48 +0200

* Philip Guenther

| Question: given this bug, is it now the community expectation that every
| program that setuids from 0 to non-zero should check for the presence of
| this kernel bug?

Always check the return value of system calls.  Always.  Always.
Always.

A simple program like

#include <stdlib.h>
#include <unistd.h>
#include <linux/capability.h>

int main() {
  cap_user_header_t header;
  cap_user_data_t data;
  header = malloc(8);
  data = malloc(12);
  header->pid = 0;
  header->version = _LINUX_CAPABILITY_VERSION;
  data->inheritable = data->effective = data->permitted = 0;
  capset(header, data);
  printf ("%d\n", setuid(1000));
}

will print -1 if setuid fails and 0 on success.  Like almost all other
system calls.  If you get -1, die or do something equal, just don't go
on and pretend everything is in order.

| Are we going to see new versions of perl, screen, xterm, nxterm, and
| rxvt (all of which are setuid root on the Linux system in front of
| me) that contain code to detect this?

if "code to detect this" means "checks the value of system calls",
then I absolutely hope so.

--
Tollef Fog Heen
This is the unix version of the LoveBug virus and in the spirit of such it
depends on the user community to propagate. Please send this message to all
of your friends and randomly delete numerous files from your system.
Previous By Date Next
Previous By Thread Next

Current thread: