[4067] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: FreeBSD,rlogin and coredumps.

daemon@ATHENA.MIT.EDU (Simon Karpen)
Tue Feb 18 23:06:40 1997

Date: 	Tue, 18 Feb 1997 19:59:37 -0500
Reply-To: Simon Karpen <slk@LINUX1.ACM.RPI.EDU>
From: Simon Karpen <slk@LINUX1.ACM.RPI.EDU>
X-To:         Nathan Torkington <gnat@FRII.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199702181907.MAA12621@elara.frii.com>

The problem is not in screen; it's in the operating system.
Linux is truly not vulnerable as it does not allow
coredumps of setuid root programs.

The BSDs (at least FreeBSD) appear to still do this for some
inane reason. Even SunOS 4.x doesn't coredump setuid progs, and
I wouldn't exactly call it secure.

On Tue, 18 Feb 1997, Nathan Torkington wrote:
> It's possible to send a signal 11 to the latest version of screen
> (3.7.2) and make it coredump with the master.passwd file in memory.
> I'm using FreeBSD 2.1.5-RELEASE.

Simon Karpen
karpes@rpi.edu, slk@acm.rpi.edu, slk@karpes.stu.rpi.edu
"Down, not Across"


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[4067] in bugtraq

Re: FreeBSD,rlogin and coredumps.

daemon@ATHENA.MIT.EDU (Simon Karpen)Tue Feb 18 23:06:40 1997

daemon@ATHENA.MIT.EDU (Simon Karpen)
Tue Feb 18 23:06:40 1997