<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Vulnerability Development: Re: Owning privileged processes under UnixWare

Re: Owning privileged processes under UnixWare

From: Elias Levy <aleph1_at_SECURITYFOCUS.COM>
Date: Mon, 6 Dec 1999 19:04:27 -0800

It seems the basic problem is that SCO has implemented privileges in
UnixWare without thinking of possible interaction with other subsystems.
They should have placed the same restriction on application running with
privileges as those placed on applications running suid or sgid. I am
surprised no one before noticed this. Its a hole you could drive a truck
through. The engineers that coded the privilege system (a security subsystem!)
should get a good ass chewing or get fired.

--
Elias Levy
Security Focus
http://www.securityfocus.com/

Received on Dec 07 1999

This message: [ Message body ]
Next message: Blue Boar: "Re: Owning privileged processes under UnixWare"
Previous message: Tellier, Brock: "Owning privileged processes under UnixWare"
In reply to: Tellier, Brock: "Owning privileged processes under UnixWare"
Next in thread: Blue Boar: "Re: Owning privileged processes under UnixWare"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos