[21064] in bugtraq
Re: OpenBSD 2.9,2.8 local root compromise
daemon@ATHENA.MIT.EDU (Peter van Dijk)
Sat Jun 16 14:48:37 2001
Date: Sat, 16 Jun 2001 12:00:54 +0200
From: Peter van Dijk <peter@dataloss.nl>
To: Bugtraq <BUGTRAQ@securityfocus.com>
Message-ID: <20010616120054.A17221@dataloss.nl>
Mail-Followup-To: Bugtraq <BUGTRAQ@securityfocus.com>
In-Reply-To: <000a01c0f5af$acfa9880$b503000a@STEALTH>; from tlambiris@skillsoft.com on Fri, Jun 15, 2001 at 11:27:23AM -0400
On Fri, Jun 15, 2001 at 11:27:23AM -0400, Tony Lambiris wrote:
> AFAIK it's been fixed in -current, and it _will_ be in errata shortly..
> in the meantime, there is a hotfix for the code itself, read the mailing
> lists.. OR
>
> in /etc/fstab, make /tmp nosuid and noexec, then mount -u /tmp (you did
> make tmp a separate partition.. didn't you?)
There are about 1000 other places on a machine people can stick the
file to be executed. The actual problem is not tmp-related, the
provided exploit just happens to use /tmp.
Making /tmp nosuid and noexec will only stop the kiddos that are too
stupid to change the exploit to work on such machines.
Greetz, Peter
--
Against Free Sex! http://www.dataloss.nl/Megahard_en.html
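
Added example, not part of the original message: a small audit that reads `mount` output and reports every filesystem still mounted without `noexec` or `nosuid`, showing how much remains once only /tmp is restricted. The function names and the sample mount table are constructed for illustration; the input is assumed to be in the format printed by OpenBSD mount(8).

```shell
#!/bin/sh
# Constructed sample in the format printed by OpenBSD mount(8).
# These lines are illustrative and are not taken from the original post.
sample_mounts() {
cat <<'EOF'
/dev/wd0a on / type ffs (local)
/dev/wd0d on /tmp type ffs (local, nodev, noexec, nosuid)
/dev/wd0e on /var type ffs (local, nodev, nosuid)
/dev/wd0f on /usr type ffs (local, nodev)
/dev/wd0g on /home type ffs (local, nodev, nosuid)
EOF
}

# Hypothetical helper: read mount output on stdin and print each mount
# point that lacks noexec and/or nosuid, with the options it is missing.
unrestricted_mounts() {
    awk '
    {
        mp = $3                      # "<dev> on <mountpoint> type <fs> (...)"
        opts = $0
        sub(/^[^(]*\(/, "", opts)    # drop everything up to "("
        sub(/\).*$/, "", opts)       # drop ")" and anything after it
        n = split(opts, o, /, */)
        noexec = 0; nosuid = 0
        for (i = 1; i <= n; i++) {
            if (o[i] == "noexec") noexec = 1
            if (o[i] == "nosuid") nosuid = 1
        }
        miss = ""
        if (!noexec) miss = miss " noexec"
        if (!nosuid) miss = miss " nosuid"
        if (miss != "") printf "%s missing:%s\n", mp, miss
    }'
}

# On a live system: mount | unrestricted_mounts
sample_mounts | unrestricted_mounts
```
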