[59] in WWW Security List Archive
Re: GSS API...
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Wed Aug 17 20:48:50 1994
To: uunet!crow!rik@uunet.uu.net
Cc: uunet!uworld!uunet!ns1.rutgers.edu!www-security@uunet.uu.net
Date: Wed, 17 Aug 1994 00:40:26 EDT
From: Marc Horowitz <uunet!MIT.EDU!marc@uunet.uu.net>
>> I am very concerned about the security of DLL, or shared library-like
>> tools. These have been a big problem, especially on Sun systems,
>> where an attack might take the form of placing a doctored shared
>> library ahead of the appropriate shared library.
The most common form of this bug is placing a doctored shared library
ahead of the system one and then executing a privileged (setuid)
program in order to gain privileged access (root).
Since I don't expect www clients to be privileged (I hope not! :-),
this attack isn't relevant.
Marc
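
An added example, not part of the original message: a defensive audit of the precondition discussed in this thread, a directory that someone other than the administrator can write to being searched ahead of the system library directory. The function names are hypothetical; the input is a colon-separated search path such as the value of LD_LIBRARY_PATH, and the sample directories are constructed for the demonstration.

```python
import os
import stat
import tempfile


def audit_entries(entries, trusted_uids):
    """Return (entry, reason) for each unsafe entry, in search order.
    Checks each directory itself, not its parent directories."""
    findings = []
    for entry in entries:
        if not os.path.isabs(entry):
            # Empty or relative entries resolve against the caller's cwd.
            findings.append((entry, "relative or empty entry"))
            continue
        try:
            st = os.stat(entry)
        except FileNotFoundError:
            findings.append((entry, "does not exist"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((entry, "not a directory"))
        elif st.st_uid not in trusted_uids:
            findings.append((entry, "owner not trusted"))
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry, "group- or world-writable"))
    return findings


def audit_search_path(path_value, trusted_uids=frozenset({0})):
    """Audit every entry of a colon-separated search path."""
    return audit_entries(path_value.split(":"), trusted_uids) if path_value else []


def shadowing_risks(path_value, system_dir, trusted_uids=frozenset({0})):
    """Unsafe entries searched before system_dir; only these can shadow it."""
    entries = path_value.split(":") if path_value else []
    cut = entries.index(system_dir) if system_dir in entries else len(entries)
    return audit_entries(entries[:cut], trusted_uids)


def demo():
    # Constructed sample: an open directory and a locked-down "system" one.
    me = frozenset({os.getuid()})
    with tempfile.TemporaryDirectory() as root:
        open_dir, sys_dir = os.path.join(root, "open"), os.path.join(root, "sys")
        os.mkdir(open_dir); os.chmod(open_dir, 0o777)
        os.mkdir(sys_dir); os.chmod(sys_dir, 0o755)
        return (shadowing_risks(f"{open_dir}:{sys_dir}", sys_dir, me),
                shadowing_risks(f"{sys_dir}:{open_dir}", sys_dir, me))


if __name__ == "__main__":
    print(demo())
```

The same open directory is reported only when it is searched before the system directory; placed after it, it cannot shadow the system library and is not listed.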