Vulnerability Development mailing list archives

Re: limited functionality accounts (was: Re: History Files)

From: sarnold () WILLAMETTE EDU (Seth R Arnold)
Date: Sun, 16 Apr 2000 11:10:51 -0700


* Marc Slemko <marcs () ZNEP COM> [000416 08:45]:

Also be wary of special filesystems such as /proc inside the chrooted
environment.  On some systems, /proc may let you escape a chrooted
environment.  On some OSes (don't think Linux lets you, but I don't know
about that for sure...) /proc lets the user edit memory in programs they
are running.  I don't know if any OS/architecture combinations let you


I believe the answers to this is, "Yes, Linux lets users edit memory" --
the /dev/kmem and /dev/mem devices allow mucking around in memory, and
several linux distributions were shipping with world-writable
permissions on those things. Check bugtraq archives for the exaxt
details.

:)

--
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help

Current thread:

Re: History Files, (continued)
- Re: History Files gavina () CSIS GVSU EDU (Apr 15)
- Re: History Files Dino Dai Zovi (Apr 15)
- Re: History Files Crispin Cowan (Apr 15)
  - Re: History Files Rodrick Brown <System Administrator> (Apr 15)
    - Re: History Files Tomas Westin (Apr 15)
  - Re: History Files Blue Boar (Apr 15)
    - Re: History Files audit (Apr 15)
    - Re: History Files Blue Boar (Apr 15)
    - Re: History Files Carson Gaspar (Apr 15)
    - limited functionality accounts (was: Re: History Files) Marc Slemko (Apr 16)
    - Re: limited functionality accounts (was: Re: History Files) Seth R Arnold (Apr 16)
    - Re: limited functionality accounts (was: Re: History Files) Einar Indridason (Apr 26)
    - Controlling a program's resource usage on Unix Bernie Cosell (Apr 16)
    - Re: Controlling a program's resource usage on Unix Seth R Arnold (Apr 16)
    - Re: Controlling a program's resource usage on Unix Isaac (Apr 21)
    - Re: Controlling a program's resource usage on Unix Crispin Cowan (Apr 16)
    - Re: Controlling a program's resource usage on Unix Matej Kovac (Apr 17)
    - Re: Controlling a program's resource usage on Unix Pavel Kankovsky (Apr 18)
    - Re: History Files David Taylor (Apr 16)
    - Re: History Files Boris Sagadin (Apr 17)
    - Fwd: RAZOR Analysis of dvwssr.dll Blue Boar (Apr 17)

(Thread continues...)