|
Bugtraq
mailing list archives
Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
From: Dan Yefimov <dan () ns15 lightwave net ru>
Date: Wed, 15 Aug 2007 00:49:49 +0400 (MSD)
On Tue, 14 Aug 2007, Wojciech Purczynski wrote:
I'm not sure this is a real security issue. If some process has the same
effective UID as the given one, the former can always send any signal to
the latter. Thus the behaviour you described is IMHO normal.
It becomes a security issue whenever suid process drops user's UIDs.
But if it drops privileges (changes EUID back to RUID), it can't again send any
signal to setuid process.
--
Sincerely Your, Dan.
 By Date 
By Thread
Current thread:
|
