RE: openbsd 3.4 ps bug
From: Nash Leon (nashleon_at_yahoo.com.br)
Date: 11/21/03
- Previous message: Dawes, Rogan (ZA - Johannesburg): "RE: Can you exploit this XSS?"
- In reply to: Dom De Vitto: "RE: openbsd 3.4 ps bug"
- Next in thread: thanos F_at_rm@k1s: "RE: openbsd 3.4 ps bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 21 Nov 2003 09:17:07 -0300 (ART) To: dom@DeVitto.com, vuln-dev@securityfocus.com
Hello, Mrs.!
--- Dom De Vitto <dom@DeVitto.com> escreveu: > I
personally think it's interesting that ps does not
> appear to be
> well formed (as other, setuid/gid) processes could
> share this issue,
> however Kurt's point is valid - if there is no
> elevation of privilege,
> this is not a 'security bug'.
If some other program as sudo(suid root) call ps,
so this can be used for elevation of privilege,
in this case, this is dangerous.
Any program that is not suid root, but is called
for one suid can be used for elevation privilege.
> Dom
Sorry my poor english.
Best Regards,
Martin Fallon.
mercenaries's Club
http://cdm.frontthescene.com.br/
______________________________________________________________________
Yahoo! Mail: 6MB, anti-spam e antivírus gratuito! Crie sua conta agora:
http://mail.yahoo.com.br
- Previous message: Dawes, Rogan (ZA - Johannesburg): "RE: Can you exploit this XSS?"
- In reply to: Dom De Vitto: "RE: openbsd 3.4 ps bug"
- Next in thread: thanos F_at_rm@k1s: "RE: openbsd 3.4 ps bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
