[1537] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Re: Yet Another DIP Exploit?

daemon@ATHENA.MIT.EDU (Stefan Monnier)
Tue May 6 07:10:28 1997

To: linux-security@redhat.com
From: Stefan Monnier <monnier+/news/lists/linux/security@TEQUILA.SYSTEMSZ.CS.YALE.EDU>
Date: 05 May 1997 18:58:53 -0400
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

Olaf Kirch <okir@monad.swb.de> writes:
> 	with the appropriate script, or make dip check that the script
> 	file is owned by root. Any of these avoid the entire security

It still has the usual "setuid-script" hole: you can replace the script by a
root script between the time dip is called and when it checks root-ownership.
Maybe by also checking root-ownership of the directory, you can arrange to plus
that hole since only root could have replaced the script.
Still, sudo seems simpler for comparable safety.


        Stefan


home help back first fref pref prev next nref lref last post