oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

atd (was: Re: [oss-security] Re: Healing the bash fork)

From: Seth Arnold <seth.arnold () canonical com>
Date: Mon, 29 Sep 2014 13:06:34 -0700
On Mon, Sep 29, 2014 at 09:59:47AM -0600, Eric Blake wrote:

So even on Debian, where /bin/sh is dash, this script attempts to
execute the file named /tmp/exploit=me, possibly under the privileges of
'at' rather than as the user that created the file.  No bash needed.


Where does 'at' use the privileges of the at daemon when executing
scripts?

With just a quick check of the atd sources it looks like privileges are
properly changed before executing the script:

http://sources.debian.net/src/at/3.1.15-1/atd.c/#L380

Thanks

Attachment: signature.asc
Description: Digital signature

Previous By Date Next
Previous By Thread Next

Current thread: