[14195] in bugtraq

Re: Potential security problem with mtr

daemon@ATHENA.MIT.EDU (Viktor Fougstedt)
Tue Mar 7 10:04:47 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.10.10003032124380.23989-100000@peurifoy.dtek.chalmers.se>
Date: Fri, 3 Mar 2000 21:26:37 +0100
Reply-To: Viktor Fougstedt <viktor@DTEK.CHALMERS.SE>
From: Viktor Fougstedt <viktor@DTEK.CHALMERS.SE>
X-To: LaMont Jones <lamont@security.hp.com>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000303201224.D0A5918726@security.hp.com>

On Fri, 3 Mar 2000, LaMont Jones wrote:

> > Since the saved uid survives across fork() and exec(), any buffer
> > overrun or similar bug in mtr is just as bad as if mtr had never done
> > the seteuid() at all.
>
> Saved-uid should get dropped on exec(), shouldn't it?
>

I stand corrected. Saved uid is set to the effective uid on
exec. Makes it harder to do nasty stuff with it.


/Viktor...

--|     Viktor Fougstedt, system administrator at dtek.chalmers.se     |--
--|                http://www.dtek.chalmers.se/~viktor/                |--
--| ...soon we'll be sliding down the razor blade of life. /Tom Lehrer |--
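
Added example, not part of the original message or of mtr: a small C model of the rule settled in this exchange, showing why a seteuid() drop can be undone inside the same process image but not after exec() of an ordinary program. The names struct cred, model_seteuid and model_exec are hypothetical, and "privileged" is simplified to euid 0.

```c
#include <stdio.h>
#include <sys/types.h>

/* Simplified model of a process's real, effective and saved user IDs. */
struct cred { uid_t ruid, euid, suid; };

/* seteuid(): a non-root caller may only choose its real, effective or saved uid. */
static int model_seteuid(struct cred *c, uid_t uid) {
    if (c->euid != 0 && uid != c->ruid && uid != c->euid && uid != c->suid)
        return -1;                  /* EPERM */
    c->euid = uid;                  /* the saved uid is left untouched */
    return 0;
}

/* execve(): a set-user-ID file sets euid to its owner; then suid := euid. */
static void model_exec(struct cred *c, int setuid_bit, uid_t file_owner) {
    if (setuid_bit)
        c->euid = file_owner;
    c->suid = c->euid;
}

/* fork() copies all three IDs unchanged, so it needs no function here. */

/* Set-uid-root program started by `user`, after its seteuid(getuid()) drop. */
static struct cred after_temporary_drop(uid_t user) {
    struct cred c = { user, user, user };
    model_exec(&c, 1, 0);           /* ruid=user, euid=0, suid=0 */
    model_seteuid(&c, c.ruid);      /* ruid=user, euid=user, suid=0 */
    return c;
}

/* 1 if code running in the same process image can switch back to root. */
static int regain_in_same_image(uid_t user) {
    struct cred c = after_temporary_drop(user);
    return model_seteuid(&c, 0) == 0;
}

/* 1 if a non-setuid program exec()ed after the drop can switch back to root. */
static int regain_after_exec(uid_t user) {
    struct cred c = after_temporary_drop(user);
    model_exec(&c, 0, user);        /* suid becomes user */
    return model_seteuid(&c, 0) == 0;
}

int main(void) {
    printf("same image: %d, after exec: %d\n",
           regain_in_same_image(1000), regain_after_exec(1000));
    return 0;
}
```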
