Bugtraq: Re: SUID shell scripts, questions?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: SUID shell scripts, questions?

From: fred () nasirc hq nasa gov (Fred Blonder)
Date: Mon, 13 Feb 1995 09:25:53 -0500


        From: woods () ncar ucar edu (Greg Woods)

        . . .  you could always overwrite the SAME file with
        something new, so the fd doesn't change.

Now wait a minute!  If someone can overwrite the SAME file you're
potentially hosed whether or not that file is a shell script or a
binary.  If you execute a file that's world-writwable, or writable by
anyone untrusted, you're leaving yourself open.

By Date By Thread

Current thread:

SUID shell scripts, questions? That Whispering Wolf... (Feb 10)
- Re: SUID shell scripts, questions? Adam Shostack (Feb 10)
- Re: SUID shell scripts, questions? Greg Woods (Feb 10)
  - Re: SUID shell scripts, questions? Carson Gaspar (Feb 11)
  - Re: SUID shell scripts, questions? Fred Blonder (Feb 13)
  - IFS Dave Williss (Feb 13)
    - Re: IFS Karl Strickland (Feb 13)
    - Re: IFS Jas (Feb 13)
    - Re: IFS Paul Robinson (Feb 14)
    - Re: IFS David Barr (Feb 15)