[876] in bugtraq
MAGIC PIDs (was Re: magic??)
daemon@ATHENA.MIT.EDU (Karl Strickland)
Wed Feb 1 21:25:08 1995
From: Karl Strickland <karl@bagpuss.demon.co.uk>
To: robert owen thomas <rthomas@pamd.cig.mot.com>
Date: Thu, 2 Feb 1995 00:01:37 +0000 (GMT)
Cc: bugtraq@fc.net
In-Reply-To: <9502011322.ZM19523@pamd.cig.mot.com> from "robert owen thomas" at Feb 1, 95 01:22:40 pm
>
> hello, list-folk--
>
> the other day, i happened to join a conversation about Unix security with
> a couple of fellows at a local bookstore. one of them mentioned the "magic"
> hole. i have heard mention of this hole before, but i assumed the hole
> no longer existed. apparently, this was a hole in /bin/login. does anyone
> else remember this? the last time i heard mention of it was *several*
> years ago, hence my assumption. then again, i recently spotted an old
> sendmail hole ("wizard") at a site, so one can never really assume anything,
> yes?
This is probably associated with the MAGIC PID SUBSYSTEM which has
been implemented on a number of popular UNIXes. Basically, processes
that acquire a MAGIC PID have special powers and can do 'magical' things.
If a hole is found in a program (such as /bin/login) which is executing
in a process with a MAGIC PID, it is said to have a 'magic hole'.

LINUX is generally recognised as having the most complete MAGIC PID
implementation. The benefits of MAGIC PIDs were discussed widely on IRC's
#unix and #root about 12 months ago. For more info, I guess you could
try the usenet LINUX or security groups.
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD | Karl Strickland
PGP 2.3a Public Key Available. | Internet: karl@bagpuss.demon.co.uk