Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Tue, 4 Aug 1998 13:19:01 -0400
From: Zachary Amsden <amsdenz@AAVID.COM>
To: BUGTRAQ@netspace.org
Subject: linux kernel patch - suid procs exec'd with bad 0,1,2 fds

Patch for current linux kernels

If a priviledged process is exec'd by a user who closes
file descriptors on it, many poorly written programs do
not notice and libc printf functions may have access to
any files opened.  This can be used to crash the system
by corrupting memory or in some cases, compromise root.

This doesn't attempt to fix the fds for such a process,
that would be not quite right in a chrooted environment
with no /dev/null, and creating fake dentries and inode
is too much work for something that is not quite useful

Instead, we just fall through the standard error checks
and return EPERM


This doesn't break pipelines or any other traditional
UNIX functionality that I am aware of.

Zachary Amsden
amsden@andrew.cmu.edu



begin 666 suidbadfd.txt
M+2TM(&QI;G5X+V9S+V5X96,N8RYO;&0)1G)I($IU;" S,2 Q,3HS-CHT.2 Q
M.3DX#0HK*RL@;&EN=7@O9G,O97AE8RYC"4UO;B!!=6<@(#,@,3$Z-3 Z,3(@
M,3DY. T*0$ @+38U-2PQ," K-C4U+#$W($! #0H@"0DO*B!792!C86XG="!S
M=6ED+65X96-U=&4@:68@=V4G<F4@<VAA<FEN9R!P87)T<R!O9B!T:&4@97AE
M8W5T86)L92 J+PT*( D)+RH@;W(@:68@=V4G<F4@8F5I;F<@=')A8V5D("AO
M<B!I9B!S=6ED(&5X96-S(&%R92!N;W0@86QL;W=E9"D@(" @*B\-"B )"2\J
M("AC=7)R96YT+3YM;2T^8V]U;G0@/B Q(&ES(&]K+"!A<R!W92=L;"!G970@
M82!N97<@;6T@86YY=V%Y*2 @("HO#0HK"0DO*B!!;'-O(&1O;B=T('-U:60M
M97AE8R!P<F]C<R!W:71H(&)A9" P+#$L,B!F9',@9F]R('-E8W5R:71Y("U:
M02 J+PT*( D):68@*$E37TY/4U5)1"AI;F]D92D-"B )"2 @("!\?" H8W5R
M<F5N="T^9FQA9W,@)B!01E]05%)!0T5$*0T*( D)(" @('Q\("AC=7)R96YT
M+3YF<RT^8V]U;G0@/B Q*0T*( D)(" @('Q\("AA=&]M:6-?<F5A9"@F8W5R
M<F5N="T^<VEG+3YC;W5N="D@/B Q*0T**PD)(" @('Q\("%&1%])4U-%5"@P
M+" F8W5R<F5N="T^9FEL97,M/F]P96Y?9F1S*0T**PD)(" @('Q\("%&1%])
M4U-%5"@Q+" F8W5R<F5N="T^9FEL97,M/F]P96Y?9F1S*0T**PD)(" @('Q\
M("%&1%])4U-%5"@R+" F8W5R<F5N="T^9FEL97,M/F]P96Y?9F1S*0T**PD)
M(" @('Q\($9$7TE34T54*# L("9C=7)R96YT+3YF:6QE<RT^8VQO<V5?;VY?
M97AE8RD-"BL)"2 @("!\?"!&1%])4U-%5"@Q+" F8W5R<F5N="T^9FEL97,M
M/F-L;W-E7V]N7V5X96,I#0HK"0D@(" @?'P@1D1?25-3150H,BP@)F-U<G)E
M;G0M/F9I;&5S+3YC;&]S95]O;E]E>&5C*0T*( D)(" @('Q\("AC=7)R96YT
M+3YF:6QE<RT^8V]U;G0@/B Q*2D@>PT*(" )"0EI9B H:61?8VAA;F=E("8F
M("%C87!A8FQE*$-!4%]31515240I*0T*(" )"0D)<F5T=7)N("U%4$5233L-
!"@``
`
end

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

ПОДПИШИСЬ НА ЖУРНАЛ Linux Format 2012! Журнал "Linux Format" (Линукс Формат)- Единственный в России и странах СНГ журнал на русском языке, посвящённый Linux и свободному ПО. Журнал для IT-директоров, IT-менеджеров, программистов, системных администраторов, учителей школ и преподавателей ВУЗов и всех пользователей ПК. В каждом выпуске: Новости индустрии OpenSource, обзоры новинок свободного ПО, обучающие и методические статьи. Каждый, кто оформит подписку, получает бонусы и подарки- объёмные наклейки на системный блок, диск с архивом номеров за 2005-2011 г.г. и ежемесячно электронную версию журнала в pdf-формате. Оформить подписку на год