Vulnerability Development: Re: nonsuid overflows... still at risk?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: nonsuid overflows... still at risk?

From: Michal Zalewski <lcamtuf () bos bindview com>
Date: Wed, 6 Jun 2001 11:02:21 -0400 (EDT)

On Wed, 6 Jun 2001, KF wrote:

exactly what I was thinking... crontab -e calls vi to open the users
crontab... this is why I was wondering if it could be exploited due to
the fact that crontab is suid.


Not really. As long as crontab itself is not broken, it should invoke vi
without additional priviledges. Otherwise, you can always type ':!sh' in
command mode and you do not need buffers overflows to do that.

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=

By Date By Thread

Current thread:

Re: TCSH problems?, (continued)
- Re: nonsuid overflows... still at risk? Andrew R. Reiter (Jun 06)
- Re: nonsuid overflows... still at risk? Michal Zalewski (Jun 06)
  - Re: nonsuid overflows... still at risk? KF (Jun 06)
    - Re: nonsuid overflows... still at risk? Michal Zalewski (Jun 06)
    - Re: nonsuid overflows... still at risk? KF (Jun 06)
    - crontab and sgid (was: nonsuid overflows... still at risk?) Tomasz Grabowski (Jun 07)
    - Re: crontab and sgid (was: nonsuid overflows... still at risk?) Olaf Kirch (Jun 08)
    - Re: crontab and sgid (was: nonsuid overflows... still at risk?) Rafal Wojtczuk (Jun 09)
- Re: nonsuid overflows... still at risk? Bela Lubkin (Jun 07)