Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: HP-UX setprivgrp()

Re: HP-UX setprivgrp()

From: Dominique Quatravaux <quatrava_at_clipper.ens.fr>
Date: Thu, 7 Nov 1996 22:51:54 +0100

>
>Maybe a race condition can be won between the times the setuid bits
>are changed by chown().

  Don't bother trying, system calls are atomic... but you can use this
feature to work around filesystem quotas for example. I can't see any
other evil use of this feature : I can't see why giving a file to
somebody else could be harmful. Well, of course it can be done in
the wrong place, so a naive user who chmoded 777 his home directory
could be given a .rhosts...

  OTOH, does this feature allow you to do it the other way round ?
Sort of things like :

  chown myself /etc/passwd
  vi /etc/passwd
  chown root /etc/passwd

  Well _that_ would be interesting enough :-).

>
>-Ed 

--
<< Tout n'y est pas parfait, mais on y honore certainement les jardiniers >>
                                Dominique QUATRAVAUX
                                (Dominique.Quatravaux_at_ens.fr)
Received on Nov 07 1996
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos