Full Disclosure mailing list archives
Re: [Security] [vendor-sec] Linux 2.4.x execve() file read race vulnerability
From: Crispin Cowan <crispin () immunix com>
Date: Fri, 27 Jun 2003 15:29:27 -0700
NC Agent wrote:
Hi people,again it is time to discover a funny bug inside the Linux execve() system call....Obviously the setuid binary has been duplicated :-) (but with no setuid flag of course).
You mean there are actually still people who believe that granting x permission but not r permission actually prevents people from reading the file? I mean besides the crowd that believes in Santa Clause, the Easter Bunny, and Jesus :) I expect there to be a large number of ways to do this. This particular hack is cute, though :)
Crispin, equal opportunity offender :) -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ Chief Scientist, Immunix http://immunix.com http://www.immunix.com/shop/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: [Security] [vendor-sec] Linux 2.4.x execve() file read race vulnerability Crispin Cowan (Jun 27)