Bugtraq
mailing list archives
Re: coredumps on setuid programs.
From: a.beckett () fml co uk (Andrew Beckett)
Date: Mon, 25 Jul 94 09:11:29 BST
In article AA12832 () csteam com, George Boyce <george () csteam com> writes:
> From the man page:
> Isn't quoting documentation on a bug mailing list like, um, trusting
> that there aren't bugs in the first place? I mean the vendors ship
> systems which allow worldwide root access. How do you know some hacker
> didn't *write* the man page you are reading...
You may have noticed that Dylan also said:
> I tried something quick this morning under Solaris 2.3, and it does
> not produce core files from setuid programs.
Like me, he tried it _as_well_as_ checking the man page. Of course, I wouldn't
even believe a manual page even if it was genuine; it's not entirely unheard of
for Sun to break a security feature (never, I hear you say!).
*******************************************************************
* Andrew Beckett * *
* Senior Design Engineer * *
* Fujitsu Microelectronics Ltd * *
* Highway House * phone : (0628) 71116 *
* Norreys Drive * fax : (0628) 773990 *
* Maidenhead. Berks SL6 4BW * email : a.beckett () fml co uk *
*******************************************************************