Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Sending escape sequences to xterms via wall/talk
From: stewart () networx com (Christopher A. Stewart)
Date: Fri, 22 Jul 1994 03:31:58 +0800


"Paul" == Paul Daw <pauld () pyramid com> writes:


    Paul> On Jul 21, 2:21, "Christopher A. Stewart" wrote:
    >> Subject: Re: Sending escape sequences to xterms via wall/talk
    >> >>>>> "Mike" == Mike Raffety <mike_raffety () il us swissbank com>
    >> writes:
    >> 
    Mike> setuid programs don't produce core dumps; it's a security
    Mike> feature.
    >>  Huh? What *NIX are you using? I've not noticed that behavior..
    >> 
    >> -- End of excerpt from "Christopher A. Stewart"

    Paul> Hmm.  I didn't think that this was the case either, but I
    Paul> just tried it (on a Pyramid MIS-T,) and I can't get any suid
    Paul> programs to dump core.  Using the same test cases, non-suid
    Paul> programs dump core dependably.

    Paul> This makes sense if you think about it.  Suppose I was
    Paul> running /bin/passwd, I had just entered in my password, and
    Paul> then passwd core dumped for some reason.  The core image
    Paul> would have my clear text password stored in it.

    Paul> Of course, one could argue that the core should still be
    Paul> dumped, but be mode 400 and owned by the suid owner, but
    Paul> that isn't happening, at least in my case.

There is at least one circumstance in which you can get a core from a
setuid program, at least on Solaris and probably SunOS. I was fairly
certain of this, as I've worked on programs that where setuid, and
used core files to do some debugging.. Since it was in this context, I
never encounted the security feature..

I just verified in on Solaris by doing the following.. The subject of
the expreiment was the zcat incarnation of gzip from gnu.. I setuid
zcat to myself and then did 'zcat -f' and hit it with the quit
character from the keyboard. It produced a core if I was myself, but
didn't if I was any other user (including root). 

Sorry for wasting bandwidth on this.. I responded based on a limited
set of experiances..

-- 
----------------------------------------------------------------------
Christopher A. Stewart       | (Standard disclaimers are in effect)
System/Network Adminstrator  |
Legent Corp. Networx Div.    |
Bellevue, Wa. 98004          |
Voice (206)-688-2154         |
Fax (206)-688-2050           |

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]