[12306] in bugtraq


Re: [Re: xmonisdn (isdn4k-utils/Linux) bug report]

daemon@ATHENA.MIT.EDU (Antonomasia)
Thu Oct 21 15:28:38 1999

Message-Id:  <199910202133.WAA06914@notatla.demon.co.uk>
Date:         Wed, 20 Oct 1999 22:33:45 +0100
Reply-To: Antonomasia <ant@NOTATLA.DEMON.CO.UK>
From: Antonomasia <ant@NOTATLA.DEMON.CO.UK>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

From: Brock Tellier <btellier@USA.NET>

> >This was my try to exploit myself. When I make the 'killall -8 xmonisdn' my
> >xmonisdn dies only with a Floating exception but it doesn't dump a core.

> Good, it shouldn't. If you look at the original post, this person executed
> those commands as root, which, on his system, allowed him to make the suid
> xmonisdn dump core.  xmonisdn won't dump core unless you are running it as
> root.  This isn't a security hole unless it were to dump core in a world
> readable mode.

Or in a directory writable by others, in which case files could get trashed.

With O_NOFOLLOW in the core file open(), as it is in recent kernels, you
now require hard links rather than symbolic links to achieve this.
I've put O_EXCL in some of my kernels for this reason.

--
##############################################################
# Antonomasia   ant@notatla.demon.co.uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
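
The difference between the two flags discussed above, as an added C example that is not part of the original post: it pre-plants the name "core" as a symlink or a hard link to another file and checks whether an open with each flag set truncates that file. The flag sets, function name and temp paths are assumptions made for the demonstration, not taken from any kernel source.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed flag sets modelled on the post, not copied from any kernel source. */
#define DUMP_NOFOLLOW (O_CREAT | O_WRONLY | O_TRUNC | O_NOFOLLOW)
#define DUMP_EXCL     (O_CREAT | O_WRONLY | O_NOFOLLOW | O_EXCL)

/* In a private temp directory, create a 6-byte "victim" file, pre-plant the
 * name "core" as a symlink or hard link to it, then open "core" with `flags`
 * as a dumper would. Returns the victim's size afterwards:
 * 6 = untouched, 0 = truncated through the link, -1 = setup failure. */
long victim_size_after_open(int flags, int use_hard_link)
{
    char dir[] = "/tmp/coredemoXXXXXX", victim[64], core[64];
    struct stat st;
    long size = -1;
    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(core, sizeof core, "%s/core", dir);
    int fd = open(victim, O_CREAT | O_WRONLY | O_EXCL, 0600);
    if (fd >= 0) {
        int ok = write(fd, "secret", 6) == 6;
        close(fd);
        if (ok && (use_hard_link ? link(victim, core) : symlink(victim, core)) == 0) {
            int cfd = open(core, flags, 0600);   /* the "core dump" open */
            if (cfd >= 0)
                close(cfd);
            if (stat(victim, &st) == 0)
                size = (long)st.st_size;
        }
    }
    unlink(core);
    unlink(victim);
    rmdir(dir);
    return size;
}

int main(void)
{
    printf("O_NOFOLLOW symlink:  %ld\n", victim_size_after_open(DUMP_NOFOLLOW, 0));
    printf("O_NOFOLLOW hardlink: %ld\n", victim_size_after_open(DUMP_NOFOLLOW, 1));
    printf("O_EXCL     symlink:  %ld\n", victim_size_after_open(DUMP_EXCL, 0));
    printf("O_EXCL     hardlink: %ld\n", victim_size_after_open(DUMP_EXCL, 1));
}
```

Only the O_NOFOLLOW open through a hard link leaves the victim at size 0; with O_EXCL the open fails whenever the name already exists, so neither kind of link is written through.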
