Re: Red Hat 9: free tickets
From: Carlos Villegas (villegas_at_math.gatech.edu)
Date: 07/02/03
- Previous message: Michal Zalewski: "Red Hat 9: free tickets"
- In reply to: Michal Zalewski: "Red Hat 9: free tickets"
- Next in thread: Michal Zalewski: "Re: Red Hat 9: free tickets"
- Reply: Michal Zalewski: "Re: Red Hat 9: free tickets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 2 Jul 2003 17:07:29 -0400 To: Michal Zalewski <lcamtuf@ghettot.org>
This way of attack seems useless to me. This is also used on RH 8.0
systems, and for both 8.0 and 9 systems:
drwx------ 4 root root 4096 Jun 27 08:43 /var/run/sudo
Which means that if the packages are properly built (and will make sure
that this directory gets this permissions if it existed before the
rpm is installed), this attack will gain you nothing, since you need
to be root to exploit it. If you can get root access to make this
attack possible, then you might as well launch a shell instead.
Carlos
- Previous message: Michal Zalewski: "Red Hat 9: free tickets"
- In reply to: Michal Zalewski: "Red Hat 9: free tickets"
- Next in thread: Michal Zalewski: "Re: Red Hat 9: free tickets"
- Reply: Michal Zalewski: "Re: Red Hat 9: free tickets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
