On Thursday 10 November 2005 20:30, Paul Eggleton wrote:
> Blaisorblade wrote on Friday, 11 November 2005 4:19 a.m.:
> > How can anybody have a program "setuid root" there unless he has root
> > access first?
>
> If you can trick root or a program running as root into creating files
> or changing permissions for you, it's not that hard (eg. symlink
> attack). Granted, situations where root would be writing setuid files as
> a matter of course are not very frequent, and it would be tricky to make
> it write your file and yet keep the setuid bit, but I think it is still
> possible under the right circumstances. You could also do it if you were
> somehow able to NFS-mount another machine that you had root access on.

Right point, one should then NFS-mount with nodev nosuid from untrusted
machines. I'll remember this.

> I'm sure there are other ways if the right exploit is unpatched, too.
>
> Cheers,
> Paul
-- 
Inform me of my mistakes, so I can keep imitating Homer Simpson's "Doh!".
Paolo Giarrusso, aka Blaisorblade (Skype ID "PaoloGiarrusso", ICQ 215621894)
http://www.user-mode-linux.org/~blaisorblade

_______________________________________________
User-mode-linux-user mailing list
User-mode-linux-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
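
A check for the mount-option point made in the reply above, as an added example that is not part of the original message: it reads a table in /proc/mounts format and reports NFS mounts that lack nosuid or nodev. The function names, hostnames and paths are made up for illustration.

```shell
#!/bin/sh
# Added example: flag NFS mounts that are missing nosuid or nodev.
# Input format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

audit_nfs_mounts() {
    # $1: file in /proc/mounts format, or "-" for stdin.
    # Defaults to the live mount table on Linux.
    # Prints one line per offending mount; returns 1 if any were found.
    awk '
    $3 == "nfs" || $3 == "nfs4" {
        n = split($4, opt, ",")
        suid_off = 0; dev_off = 0
        for (i = 1; i <= n; i++) {
            if (opt[i] == "nosuid") suid_off = 1
            if (opt[i] == "nodev")  dev_off = 1
        }
        missing = ""
        if (!suid_off) missing = "nosuid"
        if (!dev_off)  missing = (missing == "" ? "nodev" : missing ",nodev")
        if (missing != "") {
            print $2 " " $1 " missing=" missing
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "${1:-/proc/mounts}"
}

# Constructed sample table (hostnames and paths are invented).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
trusted.example:/home /home nfs rw,nosuid,nodev,hard 0 0
lab.example:/export /mnt/lab nfs rw,hard,intr 0 0
lab.example:/scratch /mnt/scratch nfs4 rw,nosuid 0 0
EOF
}

# Demo run on the constructed sample.
sample_mounts | audit_nfs_mounts - || echo "NFS mounts without nosuid/nodev found"
```

Run `audit_nfs_mounts` with no argument to check the live mount table on a Linux host.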