Steve Langasek <[EMAIL PROTECTED]> writes:

> Can you explain how this is exploitable? In CVE-2006-2916, the
> description is "allows local users to gain root privileges by causing
> setuid to fail". um... how is an unprivileged local user going to cause
> setuid() to fail?
By exceeding a resource limit for the target UID to which root is trying to setuid. Or by somehow triggering the kernel bug that we're currently observing on one of our servers that seems related, which is preventing root from successfully doing setuid to nobody.

There were a ton of security-related updates to various packages a while back due to various iterations of this problem. (Although as I recall you were involved in some of those updates, so maybe I'm stating the obvious to someone who knows better and you understand this all better than I do.)

--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
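The failure mode described in the reply above, as an added example (not code from this thread or from any affected package): a caller that ignores the return value of setuid() beside one that fails closed and verifies the result. The `setuid_fn` hook, the `setuid_over_limit` stand-in and UID 65534 are constructed for illustration, so the EAGAIN case can be shown without running as root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical hook: lets the failure be simulated without running as root. */
typedef int (*setuid_fn)(uid_t);

/* Constructed stand-in for setuid() failing because the target UID is over
   a resource limit: returns -1 with EAGAIN, credentials left unchanged. */
int setuid_over_limit(uid_t uid) { (void)uid; errno = EAGAIN; return -1; }

/* The pattern behind this class of bug: the return value is ignored, so the
   caller is told the drop worked while the process keeps its old UID. */
int drop_unchecked(setuid_fn do_setuid, uid_t target)
{
    do_setuid(target);
    return 0;
}

/* Checked form: fail closed on any error, then verify the result. */
int drop_checked(setuid_fn do_setuid, uid_t target)
{
    if (do_setuid(target) != 0)
        return -1;                  /* errno says why, e.g. EAGAIN */
    if (getuid() != target || geteuid() != target)
        return -1;                  /* call returned 0 but the IDs are wrong */
    if (target != 0 && do_setuid(0) == 0)
        return -1;                  /* root could still be regained */
    return 0;
}

int main(void)
{
    uid_t target = 65534;           /* constructed sample UID */

    printf("unchecked: returned %d, uid is still %ld\n",
           drop_unchecked(setuid_over_limit, target), (long)getuid());

    if (drop_checked(setuid_over_limit, target) != 0)
        perror("drop_checked");     /* a real program would exit here */
    return 0;
}
```

In production code, pass the real `setuid` as the hook and drop supplementary groups and the GID before the UID.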