Bugtraq mailing list archives

Re: Vulnerability in 4.4BSD Secure Levels Implementation
From: tqbf () pobox com (tqbf () pobox com)
Date: Sun, 14 Jun 1998 03:43:02 -0500


> Unless there is an
> application (or the system itself) that periodically checks for any
> change in status of a system daemon (like the change of a PID),

Watch out. You can't assume that a change of processes is detectable by a
change in the PID --- if I kill off the original holder of a PID, I can
claim that PID by forking until the OS re-uses it for my own process. Even
if the system uses randomized PIDs (a cool idea), I will still eventually
receive the one I want, and until I do (we're probably talking seconds),
I can keep the service I'm backdooring running on a different PID.

-----------------------------------------------------------------------------
Thomas H. Ptacek          The Company Formerly Known As Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.pobox.com/~tqbf       "If you're so special, why aren't you dead?"
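
The point above seen from the monitoring side, as an added example that is not part of the original message: a checker that keys a daemon's identity on PID plus kernel-recorded start time, so a recycled PID is reported as a different process. It assumes a Linux-style `/proc/<pid>/stat` (the thread concerns 4.4BSD); the function names and sample lines are constructed for illustration.

```python
from typing import NamedTuple, Optional

class ProcIdentity(NamedTuple):
    pid: int
    comm: str
    starttime: int  # field 22 of /proc/<pid>/stat: clock ticks after boot

def parse_stat(line: str) -> ProcIdentity:
    # comm is process-controlled and may contain spaces or ')', so the
    # fixed fields are located relative to the LAST ')' on the line.
    lpar, rpar = line.index("("), line.rindex(")")
    rest = line[rpar + 1:].split()  # rest[0] is field 3 (state)
    return ProcIdentity(int(line[:lpar]), line[lpar + 1:rpar], int(rest[19]))

def read_identity(pid: int) -> Optional[ProcIdentity]:
    # Live lookup (Linux procfs assumed); None means the process exited.
    try:
        with open(f"/proc/{pid}/stat") as f:
            return parse_stat(f.read())
    except (FileNotFoundError, ProcessLookupError):
        return None

def compare(baseline: ProcIdentity, current: Optional[ProcIdentity]) -> str:
    if current is None:
        return "gone"
    if current.pid != baseline.pid:
        return "pid-changed"
    if current.starttime != baseline.starttime:
        return "pid-reused"  # same number, different process
    return "same"

# Constructed sample lines (not captured from a real host).
BASELINE = "412 (sshd) S 1 412 412 0 -1 4194560 100 0 0 0 5 3 0 0 20 0 1 0 1523 9000000 300"
REPLACED = "412 (sshd) S 1 412 412 0 -1 4194560 80 0 0 0 1 1 0 0 20 0 1 0 981244 9000000 310"
ODD_COMM = "977 (a b) c) R 1 977 977 0 -1 4194304 10 0 0 0 0 0 0 0 20 0 1 0 4410 100 20"

if __name__ == "__main__":
    base = parse_stat(BASELINE)
    print(compare(base, parse_stat(BASELINE)))
    print(compare(base, parse_stat(REPLACED)))
    print(compare(base, None))
```

A poll can still miss a replacement that happens between two reads; on Linux 5.3 and later a pidfd (`os.pidfd_open`) refers to one specific process rather than to a reusable number.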


