oss-sec mailing list archives
atd (was: Re: [oss-security] Re: Healing the bash fork)
From: Seth Arnold <seth.arnold () canonical com>
Date: Mon, 29 Sep 2014 13:06:34 -0700
On Mon, Sep 29, 2014 at 09:59:47AM -0600, Eric Blake wrote:
So even on Debian, where /bin/sh is dash, this script attempts to execute the file named /tmp/exploit=me, possibly under the privileges of 'at' rather than as the user that created the file. No bash needed.
Where does 'at' use the privileges of the at daemon when executing scripts? With just a quick check of the atd sources it looks like privileges are properly changed before executing the script: http://sources.debian.net/src/at/3.1.15-1/atd.c/#L380 Thanks
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Re: Healing the bash fork, (continued)
- Re: Healing the bash fork Kobrin, Eric (Sep 29)
- Re: Healing the bash fork Chet Ramey (Sep 29)
- Re: Healing the bash fork gremlin (Sep 29)
- Re: Healing the bash fork Florian Weimer (Sep 30)
- Re: Healing the bash fork Gennady Kupava (Sep 30)
- Re: Healing the bash fork gremlin (Sep 30)
- Re: Healing the bash fork Kobrin, Eric (Sep 29)
- Re: Healing the bash fork Michal Zalewski (Sep 29)
- Re: Healing the bash fork Kobrin, Eric (Sep 30)
- Re: Re: Healing the bash fork Todd C. Miller (Sep 29)
- atd (was: Re: [oss-security] Re: Healing the bash fork) Seth Arnold (Sep 29)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Christos Zoulas (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Tavis Ormandy (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 25)