Bugtraq mailing list archives

Re: SigSev -> Security Hole

From: brian () saturn net (Brian Mitchell)
Date: Wed, 21 Aug 1996 01:31:54 -0400


On Wed, 21 Aug 1996, Tim Smithers wrote:

In regards to the overrunning of arrays,
is the sigsev, core dumped a true indication of
an exploitable security hole?

I think quite a few suid binaries exhibit this behaviour
but how many are exploitable?

        -mouse


Perhaps im missing something, but I thought suid and sgid programs were
non-dumpable. As for the sigsegv itself, it generally means you are
stomping on memory that is not yours to stomp on, this may or may not be
exploitable.

Brian Mitchell                                          brian () saturn net
"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman

Current thread:

Re: libresolv+ bug, (continued)
- - Re: libresolv+ bug Alan Cox (Aug 20)
  - Re: libresolv+ bug Thomas Ptacek (Aug 20)
    - Re: libresolv+ bug Julian Assange (Aug 21)
- Re: libresolv+ bug John Nemeth (Aug 20)
- Re: libresolv+ bug Andi Gutmans (Aug 20)
  - Re: libresolv+ bug Jon Lewis (Aug 20)
    - Re: libresolv+ bug Elliot Lee (Aug 20)
  - Re: libresolv+ bug Nick Andrew (Aug 20)
    - Re: libresolv+ bug Jon Lewis (Aug 20)
  - SigSev -> Security Hole Tim Smithers (Aug 20)
    - Re: SigSev -> Security Hole Brian Mitchell (Aug 20)
- Re: libresolv+ bug Don Lewis (Aug 20)
- Re: libresolv+ bug Zygo Blaxell (Aug 21)
- Re: libresolv+ bug Zygo Blaxell (Aug 21)
  - Re: libresolv+ bug Julian Assange (Aug 21)
  - Re: libresolv+ bug Thomas Ptacek (Aug 21)
    - Re: libresolv+ bug Nick Andrew (Aug 22)
    - Re: libresolv+ bug John Macdonald (Aug 22)
    - Re: libresolv+ bug David Holland (Aug 22)
    - Re: libresolv+ bug Zygo Blaxell (Aug 22)
- Re: libresolv+ bug Mikolaj J. Habryn (Aug 23)