Full Disclosure mailing list archives
Re: HTML Help API - Privilege Escalation
From: Sebastian Niehaus <killedbythoughts () mindcrime net>
Date: 24 Oct 2003 20:08:24 +0200
KF <dotslash () snosoft com> writes: [...]
I would relate this type of attack to a setuid program calling system("clear") while running as root on a Unix machine. This does not mean that system() is flawed, rather that when implementing this call you need to be more careful and drop your privs.
Well, if you have a program to be run in suid mode, every Unix admin should be alerted. They are used to reviewing the source code of this kind of stuff.

You won't be able to do this with your average Windows junk...

Just a thought...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
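The setuid analogy in the quoted message, as an added example that is not part of the original thread: a setuid-root program that needs a helper such as clear drops its privileges first and runs the helper by absolute path with a fixed environment, instead of calling system("clear"). The names drop_privs and run_helper and the path /usr/bin/clear are assumptions made for this illustration.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up setuid-root privileges. Returns 0 on success. */
int drop_privs(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setgid(rgid) != 0) return -1;  /* group first, while still privileged */
    if (setuid(ruid) != 0) return -1;  /* with euid 0 this sets real, effective and saved uid */
    /* The drop must be irreversible unless the invoking user really is root. */
    if (ruid != 0 && setuid(0) == 0) return -1;
    if (geteuid() != ruid || getegid() != rgid) return -1;
    return 0;
}

/* Run a helper without a shell, without PATH lookup and without the
 * caller's environment. Returns the helper's exit status, or -1. */
int run_helper(const char *abs_path, char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", "TERM=dumb", NULL };
    int status;
    pid_t pid;

    if (abs_path == NULL || abs_path[0] != '/') return -1;  /* absolute paths only */
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privs() != 0) _exit(126);  /* never exec while still privileged */
        execve(abs_path, argv, clean_env);
        _exit(127);                         /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "clear", NULL };
    /* The risky form described in the message is: system("clear"); */
    return run_helper("/usr/bin/clear", argv) == 0 ? 0 : 1;  /* assumed path */
}
```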