Home page logo

bugtraq logo Bugtraq mailing list archives

Re: FreeBSD,rlogin and coredumps.
From: slk () LINUX1 ACM RPI EDU (Simon Karpen)
Date: Tue, 18 Feb 1997 19:59:37 -0500

The problem is not in screen; it's in the operating system.
Linux is truly not vulnerable as it does not allow
coredumps of setuid root programs.

The BSDs (at least FreeBSD) appear to still do this for some
inane reason. Even SunOS 4.x doesn't coredump setuid progs, and
I wouldn't exactly call it secure.

On Tue, 18 Feb 1997, Nathan Torkington wrote:
It's possible to send a signal 11 to the latest version of screen
(3.7.2) and make it coredump with the master.passwd file in memory.
I'm using FreeBSD 2.1.5-RELEASE.

Simon Karpen
karpes () rpi edu, slk () acm rpi edu, slk () karpes stu rpi edu
"Down, not Across"

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]