Bugtraq mailing list archives
Re: local root on linux 2.2.15
From: typo () SCENE AT (Firstname Lastname)
Date: Thu, 15 Jun 2000 22:25:17 +0200
On Thu, Jun 15, 2000 at 10:44:07AM -0500, Peter da Silva wrote:
> This isn't as bad as a buffer overflow on stack, because it's almost
> impossible to exploit for anything but a DOS attack, but it's easy to avoid:
>
>     header = malloc(sizeof (cap_user_header_t) );
>     data = malloc(sizeof (cap_user_data_t) );

nope. both sizeof()'s will always return 4 (on 32 bit architectures).
(see /usr/include/linux/capability.h:

    typedef struct __user_cap_header_struct {
            __u32 version;
            int pid;
    } *cap_user_header_t;

    typedef struct __user_cap_data_struct {
            __u32 effective;
            __u32 permitted;
            __u32 inheritable;
    } *cap_user_data_t;
)

use this instead:

    header = malloc(sizeof (struct __user_cap_header_struct) );
    data = malloc(sizeof (struct __user_cap_data_struct) );

> I don't have a recent Linux box to check, but isn't this a system call?

yup

    #define __NR_capget 184
    #define __NR_capset 185

ciao,
typo
--
so much entropy, so little time
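Added example, not part of the original post: a small C program that measures how far a full-struct write overruns a buffer sized with sizeof on the pointer typedefs quoted above, next to the `sizeof *p` idiom that avoids the mistake. The struct, typedef and function names are local stand-ins chosen for this example, with uint32_t in place of __u32 so it builds without kernel headers; on a build with 8-byte pointers the header allocation happens to fit and only the data buffer comes up short.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Local stand-ins for the typedefs quoted from linux/capability.h;
 * uint32_t replaces __u32 so no kernel headers are needed (assumption). */
typedef struct user_cap_header { uint32_t version; int pid; } *cap_header_ptr_t;
typedef struct user_cap_data {
    uint32_t effective, permitted, inheritable;
} *cap_data_ptr_t;

/* Bytes of a full-object write that fall outside an alloc_size buffer. */
static size_t overrun_bytes(size_t alloc_size, size_t object_size)
{
    return object_size > alloc_size ? object_size - alloc_size : 0;
}

/* Buggy sizing: sizeof on the pointer typedef is the pointer width. */
static size_t header_overrun_ptr_sizeof(void)
{
    return overrun_bytes(sizeof(cap_header_ptr_t),
                         sizeof(struct user_cap_header));
}

static size_t data_overrun_ptr_sizeof(void)
{
    return overrun_bytes(sizeof(cap_data_ptr_t), sizeof(struct user_cap_data));
}

/* Fixed sizing: sizeof *p tracks the pointee, whatever the typedef hides. */
static cap_data_ptr_t alloc_cap_data(void)
{
    cap_data_ptr_t data = calloc(1, sizeof *data);
    return data; /* NULL on allocation failure; caller frees */
}

int main(void)
{
    cap_data_ptr_t data = alloc_cap_data();
    if (data == NULL)
        return 1;
    printf("pointer typedef: %zu bytes, header struct: %zu, data struct: %zu\n",
           sizeof(cap_header_ptr_t), sizeof(struct user_cap_header),
           sizeof(struct user_cap_data));
    printf("overrun with pointer sizeof: header %zu, data %zu\n",
           header_overrun_ptr_sizeof(), data_overrun_ptr_sizeof());
    free(data);
    return 0;
}
```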