Bugtraq mailing list archives
Re: Exploiting Zolaris 2.4 ?? :)
From: fox () mailhost rsn hp com (David DeSimone)
Date: Sun, 4 Aug 1996 14:46:14 -0500
Even if a program can dump core into a writable directory, that is not the same thing as being able to overwrite a file. If you make a symlink core -> /etc/passwd, the dump will only succeed if /etc/passwd is also writable by the setgid group. If that's the case, then you are in trouble. -- David DeSimone | "The doctrine of human equality reposes on this: fox () convex hp com | that there is no man really clever who has not Hewlett-Packard | found that he is stupid." -- Gilbert K. Chesterson Convex Division | PGP: 5B 47 34 9F 3B 9A B0 0D AB A6 15 F1 BB BE 8C 44
Current thread:
- Exploiting Zolaris 2.4 ?? :) Aleph One (Aug 03)
- Re: Exploiting Zolaris 2.4 ?? :) Casper Dik (Aug 04)
- Re: Exploiting Zolaris 2.4 ?? :) David DeSimone (Aug 04)
- Re: Exploiting Zolaris 2.4 ?? :) Grant Kaufmann (Aug 05)
- Re: Exploiting Zolaris 2.4 ?? :) Casper Dik (Aug 06)
- problems in /usr/Cadmin/bin for IRIX 5.3 Grant Kaufmann (Aug 05)
- CERT Advisory CA-96.16 - Vulnerability in Solaris admintool CERT Advisory (Aug 05)
- Re: group-setuid core hole Justin Mason (Aug 06)
- problems in /usr/Cadmin/bin for IRIX 5.3: EXPLOIT Grant Kaufmann (Aug 06)
- CERT Advisory CA-96.17 - Vulnerability in Solaris vold CERT Advisory (Aug 06)
- Re: Exploiting Zolaris 2.4 ?? :) Casper Dik (Aug 04)