Bugtraq mailing list archives
Re: Request for discussion.
From: casper () fwi uva nl (Casper Dik)
Date: Wed, 08 Feb 1995 16:24:08 +0100
>>> Not if "Real OS(tm)" == Linux. (which of course has the best procfs money can't buy).
>> Which is why Linux procfs has tons of security holes.
>> Casper
> Such as?
Hm, they seem to be fixed now. In early releases the permissions of the fd and cd and exec files weren't right. Now it uses some ugly hack that looks like the modes on the symlink are 700 (lrwx------) which only seems to work on the funny symlinks under /proc.

Hm, it just occurred to me that, as root, hijacking connections under Linux is real simple, you just open the right /proc/pid/fd/<num>

Casper
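Added example, not part of the original post or of any project's code: a small audit that checks whether /proc/<pid>/fd entries are owner-only symlinks, which is the "lrwx------" behaviour the message describes. The function names and the SAMPLE entries are constructed for illustration; the live scan assumes a Linux /proc.

```python
import os
import stat


def loose_fd_entries(entries):
    """Return (path, mode string) for every entry that is not an owner-only symlink.

    entries: iterable of (path, st_mode) pairs, st_mode as returned by os.lstat().
    """
    bad = []
    for path, mode in entries:
        # Expected: a symlink with no group/other permission bits at all.
        if not stat.S_ISLNK(mode) or stat.S_IMODE(mode) & 0o077:
            bad.append((path, stat.filemode(mode)))
    return bad


def read_fd_modes(pid="self", proc_root="/proc"):
    """Collect (path, st_mode) for each descriptor of a process via lstat()."""
    fd_dir = os.path.join(proc_root, str(pid), "fd")
    found = []
    for name in os.listdir(fd_dir):
        path = os.path.join(fd_dir, name)
        try:
            # lstat(), not stat(): we want the mode of the link itself.
            found.append((path, os.lstat(path).st_mode))
        except FileNotFoundError:
            continue  # descriptor was closed between listdir() and lstat()
    return found


# Constructed sample: two correctly restricted links, one link readable by
# group/other, and one entry that is not a symlink at all.
SAMPLE = [
    ("/proc/1234/fd/0", stat.S_IFLNK | 0o700),
    ("/proc/1234/fd/3", stat.S_IFLNK | 0o500),
    ("/proc/1234/fd/4", stat.S_IFLNK | 0o777),
    ("/proc/1234/fd/5", stat.S_IFREG | 0o644),
]

if __name__ == "__main__":
    for path, mode in loose_fd_entries(SAMPLE):
        print("sample:", path, mode)
    if os.path.isdir("/proc/self/fd"):
        for path, mode in loose_fd_entries(read_fd_modes()):
            print("live:", path, mode)
```

The mode bits restrict other unprivileged users only; root is not limited by them, which is the case the second paragraph of the message is about.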