Vulnerability Development mailing list archives
Re: slocate bug.
From: "Kurt Seifried" <bugtraq () seifried org>
Date: Fri, 15 Feb 2002 19:59:45 -0700
Hey there, Ok just hold on: What would be the advantages of exploiting something which would spawn the
"slocate" group privileges? Maybe browsing users' directories? No root yet... [seifried@vomit seifried]$ ls -l /usr/bin/slocate -rwxr-sr-x 1 root slocate 25020 Jun 25 2001 /usr/bin/slocate I am group slocate. I can write to slocate binary. root runs slocate (well, locate, which is a link to slocate). I think that might be a problem.
-- mips
Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ http://www.idefense.com/digest.html
Current thread:
- slocate bug. Ehud Tenenbaum (Feb 14)
- Re: slocate bug. KF (Feb 14)
- Re: slocate bug. Rodrigo Barbosa (Feb 15)
- Re: slocate bug. Guilherme Mesquita (Feb 15)
- Re: slocate bug. Kurt Seifried (Feb 16)
- Re: slocate bug. Larry W. Cashdollar (Feb 16)
- Re: slocate bug. Kurt Seifried (Feb 16)
- Re: slocate bug. Larry W. Cashdollar (Feb 16)
- Re: slocate bug. Larry W. Cashdollar (Feb 17)
- Re: slocate bug. Rodrigo Barbosa (Feb 21)
- Re: slocate bug. Rodrigo Barbosa (Feb 21)
- Re: slocate bug. Rodrigo Barbosa (Feb 15)
- Re: slocate bug. KF (Feb 14)
- <Possible follow-ups>
- Re: slocate bug. jaytee () email it (Feb 14)
- Re: slocate bug. Wodahs Latigid (Feb 15)
- Re: slocate bug. Rodrigo Barbosa (Feb 20)