Re: Linux X86 fileutils-4x local root exploit

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linux X86 fileutils-4x local root exploit

From:	Paul Eggert
Subject:	Re: Linux X86 fileutils-4x local root exploit
Date:	Sat, 19 Jun 2004 14:25:30 -0700
User-agent:	Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)

Antti J Hätinen <address@hidden> writes:

> Is there a patch against this exploit?

I don't see any exploit that is related to fileutils.  "rm" doesn't
have setuid privileges, so whatever "rm" can do under the supposed
"exploit", your C program can do anyway.

It's true that you can fool "rm" into thinking that it is running as
root, but you can just as easily take the source code to "rm", modify
it so that the modified "rm" thinks that it is running as root,
compile the modified version, and run it.  Same effect.

[Prev in Thread]

Current Thread

[Next in Thread]

Linux X86 fileutils-4x local root exploit, Antti J Hätinen, 2004/06/19
- Re: Linux X86 fileutils-4x local root exploit, Paul Eggert <=

Prev by Date: Re: Bug in od
Next by Date: Re: width of who output
Previous by thread: Linux X86 fileutils-4x local root exploit
Next by thread: Re: ls bug: -c and -u swapped?
Index(es):
- Date
- Thread