[467] in linux-security and linux-alert archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: linux a.out ld.so problem

daemon@ATHENA.MIT.EDU (medulla)
Wed Nov 8 17:04:01 1995

Date: Tue, 7 Nov 1995 00:24:29 -0500 (EST)
From: medulla <medulla@infosoc.com>
To: Aleph One <aleph1@dfw.net>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.SUN.3.90.951106143133.212F-100000@dfw.net>



On Mon, 6 Nov 1995, Aleph One wrote:

> Where you fall in the same trap that telnetd did. You are obiusly root
> because you need to be to run strace on ls. There for the test for suidness
> will fail because ruid == euid. Try doing the test without being root.

Well, that was just a sample. I managed to get root with a libc patch 
with login sgid, suid, and sug and sgid. It makes no difference on the 
a.out machines I tested it on (all nonshadowed).

> 
> Aleph One / aleph1@dfw.net
> http://underground.org/
> KeyID 1024/948FD6B5 
> Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 
>


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[467] in linux-security and linux-alert archive

Re: linux a.out ld.so problem

daemon@ATHENA.MIT.EDU (medulla)Wed Nov 8 17:04:01 1995

daemon@ATHENA.MIT.EDU (medulla)
Wed Nov 8 17:04:01 1995