Linux Kernel 2.6.x PRCTL Core Dump Handling - simple workaround

[PERFECT.MATERIAL <perfect.material () gmail com>]

Matt Murphy write:
> If you actually bothered to read ANY of the vendor advisories on this
> issue, you'd know why.  The vulnerability exists because the kernel
> DOES NOT VERIFY write permissions to core dump directories.  If your
> users actually have write permissions to /etc/cron.d, do the world a
> favor and disconnect from the internet as soon as humanly possible.

I think the nigger is calling the kettle a junglebunny here. Do you know
how CHDIR(2) works Matthew Murphy? Try to CHDIR(2) into a directory to
which you do not have execute privileges!!!

PERFECT.MATERIAL

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/