Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Sending escape sequences to xterms via wall/talk
From: pluvius () dragon achilles net (pluvius)
Date: Fri, 22 Jul 1994 13:32:46 -0400 (EDT)


I just verified in on Solaris by doing the following.. The subject of
the expreiment was the zcat incarnation of gzip from gnu.. I setuid
zcat to myself and then did 'zcat -f' and hit it with the quit
character from the keyboard. It produced a core if I was myself, but
didn't if I was any other user (including root). 



 atleast in HP-UX, probably other systems too, a setuid program will
only dump core if uid == euid
ie:
main()
{
 char *foo;
   setuid(geteuid()); 
   fgets(foo); /* <-- boom */
}

will dump core if setuid, but

main()
{
 char *foo;
   fgets(foo); /* <-- boom */
}

will not unless run by whoever the program is setuid to.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]