[3049] in bugtraq
Re: Exploiting Zolaris 2.4 ?? :)
daemon@ATHENA.MIT.EDU (David DeSimone)
Sun Aug 4 16:45:59 1996
Date: Sun, 4 Aug 1996 14:46:14 -0500
Reply-To: fox@mailhost.rsn.hp.com
From: David DeSimone <fox@mailhost.rsn.hp.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <9608041048.AA04148@albano>; from Casper Dik on Aug 4,
1996 12:48:15 +0200
Even if a program can dump core into a writable directory, that is not
the same thing as being able to overwrite a file. If you make a symlink
core -> /etc/passwd, the dump will only succeed if /etc/passwd is also
writable by the setgid group. If that's the case, then you are in
trouble.
--
David DeSimone | "The doctrine of human equality reposes on this:
fox@convex.hp.com | that there is no man really clever who has not
Hewlett-Packard | found that he is stupid." -- Gilbert K. Chesterson
Convex Division | PGP: 5B 47 34 9F 3B 9A B0 0D AB A6 15 F1 BB BE 8C 44
