Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: oping allows the disclosure of arbitrary file contents
From: Tomas Hoger <thoger () redhat com>
Date: Tue, 17 Nov 2009 20:48:12 +0100

On Mon, 16 Nov 2009 17:39:30 -0500 (EST) Josh Bressers wrote:

Does the RLIMIT_NPROC trick work against oping, or any setuid app
that calls setuid(getuid())?

This should work for everything that calls setuid()

I have a little bit about this here:
http://www.bress.net/blog/archives/34-setuid-madness.html

My previous web search did find that one.  Though set_user() doing
NPROC check is only called when new uid differs from current real uid
(so not called in setuid(getuid()) case).

-- 
Tomas Hoger / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]