[1537] in linux-security and linux-alert archive
[linux-security] Re: Re: Yet Another DIP Exploit?
daemon@ATHENA.MIT.EDU (Stefan Monnier)
Tue May 6 07:10:28 1997
To: linux-security@redhat.com
From: Stefan Monnier <monnier+/news/lists/linux/security@TEQUILA.SYSTEMSZ.CS.YALE.EDU>
Date: 05 May 1997 18:58:53 -0400
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
Olaf Kirch <okir@monad.swb.de> writes:
> with the appropriate script, or make dip check that the script
> file is owned by root. Any of these avoid the entire security
It still has the usual "setuid-script" hole: you can replace the script by a
root script between the time dip is called and when it checks root-ownership.
Maybe by also checking root-ownership of the directory, you can arrange to plus
that hole since only root could have replaced the script.
Still, sudo seems simpler for comparable safety.
Stefan