[2078] in linux-security and linux-alert archive
[linux-security] no argv
daemon@ATHENA.MIT.EDU (Topi Miettinen)
Wed Oct 14 03:13:53 1998
Reply-to: Topi Miettinen <Topi.Miettinen@medialab.sonera.net>
From: Topi Miettinen <Topi.Miettinen@medialab.sonera.net>
To: linux-security@redhat.com
Date: Tue, 13 Oct 1998 22:51:27 +0300
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
Running programs (including set?id ones) without argv (execle(f,0,0))
causes many of them to die with a segmentation violation when they blindly
try to access argv[0].
This could be exploited in denial-of-service attacks if the program has
opened a lock file before segfaulting, though I haven't found any yet. I
can't think of a way for this to give a root shell.
-Topi
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null