* sector x <sectorx_at_DIGITALPHOBIA.COM> [000610 13:10] wrote:
> Here is a freebsd port of noir's cdrecord buffer overflow.
> have you noticed cdrecord is very often suid root on many
> systems? :)
>
> --sectorx
>
> -- snip snip --
>
> /* freebsd cdrecord exploit port by sectorx of XOR
[*yawn* *snip*]
But it's _not_ suid on FreeBSD:
~ % ls -l /usr/local/bin/cdrecord
-r-xr-xr-x 1 root wheel 161244 May 20 04:31 /usr/local/bin/cdrecord
Cute but useless. Any program that encourages users to suid it
root and allows arbritary devices to be accessed over the scsi bus
needs to be taken out back and shot, twice. Any vendor that ships
it that way, three times.
The exploit presented here is akin to writing a sploit for /bin/sh
that only works if it's suid.
--
-Alfred Perlstein - [bright_at_wintelcom.net|alfred_at_freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
Received on Jun 12 2000
Intro
