Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability



On Wed, 15 Aug 2007, Wojciech Purczynski wrote:

The problem is that without suid binary execved from parent process you
can not send the signal. ;) With suid binary you can and that makes this
issue a privilege escalation vulnerability.

Could you please explain it to me where do you see privilege escalation here?
If the setuid root binary allows arbitrary code execution on getting an
unexpected signal (but signals are always unexpected due to their asynchronous
and independent nature), that is the problem with that particular binary, not
Linux itself. In that case you are right, there is the privilege escalation
vulnerability, but vulnerability is in that particular binary. Linux itself
has nothing to do with that and should not be blamed at all.
--

Sincerely Your, Dan.



Relevant Pages