Bugtraq: Re: Flaws in recent Linux kernels

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Flaws in recent Linux kernels

From: Mariusz Woloszyn <emsi () ipartners pl>
Date: Mon, 22 Oct 2001 11:19:25 +0200 (EEST)

On Fri, 19 Oct 2001, Martin Kacer wrote:

   PS: What about executing suid binary while some other process has our
/proc/$$/mem opened for writing? Isn't there the same problem too?
Unfortunately, I do not have enough time to investigate that.

VERY quick test: opening mem WRONLY returns EINVAL while write().

But opening /proc/%i/exe of a process that executes suid binary works
well. After exec() another process is able to read suid binary.
[Isn't it known behavior???]

Opening mem RDONLY works, but after exec() of setuid binary read() returns
"no such process".

Thinking 'bout mmaping and other tricks...

Tested on 2.2.19.

--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners

By Date By Thread

Current thread:

Flaws in recent Linux kernels Rafal Wojtczuk (Oct 18)
- RE: Flaws in recent Linux kernels Demitrious Kelly (Oct 18)
- Re: Flaws in recent Linux kernels Martin Kacer (Oct 19)
  - Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 22)
    - Re: Flaws in recent Linux kernels Pavel Kankovsky (Oct 27)
  - Re: Flaws in recent Linux kernels Solar Designer (Oct 23)
    - Re: Flaws in recent Linux kernels Scott Dier (Oct 23)
- Re: Flaws in recent Linux kernels Thomas Fischbacher (Oct 25)
  - Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 27)