Bugtraq mailing list archives
Re: local root on linux 2.2.15
From: tollef () ADD NO (Tollef Fog Heen)
Date: Sun, 11 Jun 2000 12:36:48 +0200
* Philip Guenther | Question: given this bug, is it now the community expectation that every | program that setuids from 0 to non-zero should check for the presence of | this kernel bug? Always check the return value of system calls. Always. Always. Always. A simple program like #include <stdlib.h> #include <unistd.h> #include <linux/capability.h> int main() { cap_user_header_t header; cap_user_data_t data; header = malloc(8); data = malloc(12); header->pid = 0; header->version = _LINUX_CAPABILITY_VERSION; data->inheritable = data->effective = data->permitted = 0; capset(header, data); printf ("%d\n", setuid(1000)); } will print -1 if setuid fails and 0 on success. Like almost all other system calls. If you get -1, die or do something equal, just don't go on and pretend everything is in order. | Are we going to see new versions of perl, screen, xterm, nxterm, and | rxvt (all of which are setuid root on the Linux system in front of | me) that contain code to detect this? if "code to detect this" means "checks the value of system calls", then I absolutely hope so. -- Tollef Fog Heen This is the unix version of the LoveBug virus and in the spirit of such it depends on the user community to propagate. Please send this message to all of your friends and randomly delete numerous files from your system.
Current thread:
- local root on linux 2.2.15 Peter van Dijk (Jun 07)
- Mcafee Alerting DOS vulnerability Harry Schmilllson (Jun 07)
- Re: local root on linux 2.2.15 Wojciech Purczynski (Jun 08)
- Re: local root on linux 2.2.15 Tomasz Grabowski (Jun 08)
- Re: local root on linux 2.2.15 Philip Guenther (Jun 08)
- Re: local root on linux 2.2.15 Wojciech Purczynski (Jun 12)
- Re: local root on linux 2.2.15 Jeff Dafoe (Jun 14)
- Re: local root on linux 2.2.15 Wojciech Purczynski (Jun 14)
- MS-040 'proof of concept' code Renaud Deraison (Jun 13)
- <Possible follow-ups>
- Re: local root on linux 2.2.15 Tollef Fog Heen (Jun 11)
- Re: local root on linux 2.2.15 Peter da Silva (Jun 15)
- Re: local root on linux 2.2.15 Firstname Lastname (Jun 15)
- Re: local root on linux 2.2.15 Robert Watson (Jun 18)
- Net Tools PKI server exploits Jim Stickley (Jun 19)
- XFree86: libICE DoS Chris Evans (Jun 19)
- XFree86: Various nasty libX11 holes Chris Evans (Jun 19)
- XFree86: xdm flaw; present in kdm Chris Evans (Jun 19)
- XFree86: xdm xdmcp code in wdm also Brian Russo (Jun 20)
- Re: XFree86: xdm xdmcp code in wdm also Jerome ALET (Jun 20)
- Re: local root on linux 2.2.15 Peter da Silva (Jun 15)
- Problems with "kon2" package Chris Evans (Jun 19)