Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Potential security problem with mtr
From: viktor () DTEK CHALMERS SE (Viktor Fougstedt)
Date: Fri, 3 Mar 2000 21:26:37 +0100

On Fri, 3 Mar 2000, LaMont Jones wrote:


Since the saved uid survives across fork() and exec(), any buffer
overrun or similar bug in mtr is just as bad as if mtr had never done
the seteuid() at all.


Saved-uid should get dropped on exec(), shouldn't it?



I stand corrected. Saved uid is set to the effective uid on
exec. Makes it harder to do nasty stuff with it.

/Viktor...

--|     Viktor Fougstedt, system administrator at dtek.chalmers.se     |--
--|                http://www.dtek.chalmers.se/~viktor/                |--
--| ...soon we'll be sliding down the razor blade of life. /Tom Lehrer |--

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]