[ LUGOS ] [ Security Leak ] Is it or is it not?

[Janez Pirc]

Ziv...

> Hm, /usr/bin/write je suid root...
>
>Ok, ven da ne dela brez tega ampak... *me is being paranoid*
>Tole je potencialni kandidat za buffer overrun exploite... 
>
>Je mogoce o tem ze kaj vec napisanega?

***

COMMAND

    write(2)

SYSTEMS AFFECTED

    Any Linux kernel as of 1.2.13/

PROBLEM

    write(2) does not clear the  setuid bit of files when  called. You
    can overwrite world writable  setuid files with anything  you want
    and keep them setuid.

***

To je vse kar sem nasel...;)

c ya ;)


                                                         Pozdravi, Janez

------------------------------------------------------------------------------
                             Janez Pirc - NotKnown                            
               Talk: janez na helij.s-tsc.ng.edus.si IRC: NotKnown
                         E-mail: janez.pirc na njok.eu.org