Vulnerability Development mailing list archives
Re: ddd smashed
From: l0rt <simon () snosoft com>
Date: 16 Jan 2002 10:48:20 -0500
I agree, Why would anyone want to do it? None the less it is still a problem/bug that should be fixed. If you choose to be ignorant and assume that people do not do stupid things then please do not try to force that on me. On Tue, 2002-01-15 at 20:27, Pavel Kankovsky wrote:
On 15 Jan 2002, l0rt wrote:Program : ddd OS : Linux DISTRO : RedHat 7.1 Issue : 0x41414141 (no core tho) Home Page: http://www.gnu.org/software/ddd/ suid : No sgid : No Issue : ddd may be called by an suid helper binary and could be exploited to gain local root access.Why the hell would anyone ever want to invoke a *debugger* frontend via a setuid helper?! Anyone stupid enough to do anything like that would create multiple security holes an order of magnitude bigger than this little buffer overflow in ddd! --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
-- -l0rt- Strategic Reconnaissance Team Team Key ID: ACFCBD01 l0rt Key ID: 47BF3F87 ------------------------------------------ "That secret you've been guarding, isn't."
Attachment:
_bin
Description:
Current thread:
- ddd smashed l0rt (Jan 15)
- Re: ddd smashed Pavel Kankovsky (Jan 16)
- Re: ddd smashed l0rt (Jan 16)
- Re: ddd smashed Pavel Kankovsky (Jan 16)
- Re: ddd smashed l0rtamus Prime (Jan 16)
- Re: ddd smashed l0rt (Jan 16)
- Re: ddd smashed Pavel Kankovsky (Jan 16)