[10415] in bugtraq
Re: Possible Linuxconf Vulnerability
daemon@ATHENA.MIT.EDU (Patrick J. Volkerding)
Mon May 3 18:39:10 1999
Message-Id: <Pine.BSI.3.96.990501135547.25234B-100000@rrnet.com>
Date: Sat, 1 May 1999 14:03:25 -0500
Reply-To: "Patrick J. Volkerding" <gonzo@RRNET.COM>
From: "Patrick J. Volkerding" <gonzo@RRNET.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <372ADB4E.11C469CA@nwlink.com>

On Sat, 1 May 1999, Desync wrote:
> Where do you draw the line between poor system management and exploitable
> programs? If I set suid root on /bin/bash, is that to say it's an
> exploit?
>
> Obviously, someone would have to remove clock for this to occur. Which
> would conclude that either A) you had incorrect permissions for clock B)
> they had already used some means of another true exploit to cause other
> program to misbehave.

Not necessarily. Maybe there was never a 'clock' on the system to begin
with; since the real 'clock' binary was phased out of the util-linux
sources a year or so ago, what you get varies by Linux distribution. On
Red Hat, 'clock' is a symbolic link to 'hwclock', a newer utility. On
Slackware, we continue to maintain a 'clock' binary as part of our
util-linux package (in addition to the newer 'hwclock'). Other
distributions may not provide any binary or link for 'clock', relying
solely on 'hwclock'.

Take care,
Pat