Vulnerability Development mailing list archives
Re: limited functionality accounts (was: Re: History Files)
From: sarnold () WILLAMETTE EDU (Seth R Arnold)
Date: Sun, 16 Apr 2000 11:10:51 -0700
* Marc Slemko <marcs () ZNEP COM> [000416 08:45]:
Also be wary of special filesystems such as /proc inside the chrooted environment. On some systems, /proc may let you escape a chrooted environment. On some OSes (don't think Linux lets you, but I don't know about that for sure...) /proc lets the user edit memory in programs they are running. I don't know if any OS/architecture combinations let you
I believe the answers to this is, "Yes, Linux lets users edit memory" -- the /dev/kmem and /dev/mem devices allow mucking around in memory, and several linux distributions were shipping with world-writable permissions on those things. Check bugtraq archives for the exaxt details. :) -- Seth Arnold | http://www.willamette.edu/~sarnold/ Hate spam? See http://maps.vix.com/rbl/ for help
Current thread:
- Re: History Files, (continued)
- Re: History Files gavina () CSIS GVSU EDU (Apr 15)
- Re: History Files Dino Dai Zovi (Apr 15)
- Re: History Files Crispin Cowan (Apr 15)
- Re: History Files Rodrick Brown <System Administrator> (Apr 15)
- Re: History Files Tomas Westin (Apr 15)
- Re: History Files Blue Boar (Apr 15)
- Re: History Files audit (Apr 15)
- Re: History Files Blue Boar (Apr 15)
- Re: History Files Carson Gaspar (Apr 15)
- limited functionality accounts (was: Re: History Files) Marc Slemko (Apr 16)
- Re: limited functionality accounts (was: Re: History Files) Seth R Arnold (Apr 16)
- Re: limited functionality accounts (was: Re: History Files) Einar Indridason (Apr 26)
- Controlling a program's resource usage on Unix Bernie Cosell (Apr 16)
- Re: Controlling a program's resource usage on Unix Seth R Arnold (Apr 16)
- Re: Controlling a program's resource usage on Unix Isaac (Apr 21)
- Re: History Files Rodrick Brown <System Administrator> (Apr 15)
- Re: Controlling a program's resource usage on Unix Crispin Cowan (Apr 16)
- Re: Controlling a program's resource usage on Unix Matej Kovac (Apr 17)
- Re: Controlling a program's resource usage on Unix Pavel Kankovsky (Apr 18)
- Re: History Files David Taylor (Apr 16)
- Re: History Files Boris Sagadin (Apr 17)
- Fwd: RAZOR Analysis of dvwssr.dll Blue Boar (Apr 17)