|
Bugtraq
mailing list archives
Re: 7a69Adv#22 - UNIX unzip keep setuid and setgid files
From: devnull () Rodents Montreal QC CA
Date: Tue, 1 Mar 2005 12:57:38 -0500 (EST)
[As usual when I write here, the header From: is a black hole. Use the
address in the signature to actually reach me.]
this only works if the user un-zipping the file is already root.
otherwise it creates an "sh" binary which is setuid to the user who
unzipped the file.
If your homedir is worldreadable, which is pretty common practice the
other user can run the shell and get your useraccount.
This is confusing readable with executable.
If a directory is readable, anyone can find out the names of the things
in it. If it's executable, anyone who knows a thing's name there can
get to the thing.
Read and execute access usually go together on directories, but they
don't have to. (A +r-x directory is of doubtful use. But -r+x is
comparatively useful.)
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse () rodents montreal qc ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
 By Date 
By Thread
Current thread:
| 
Intro
